Engineer II - Insider Threat

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
Job Details
Position Summary
The Engineer II, Insider Threat is a mid-level role within our Cyber Defense organization focused on detecting, investigating, and reducing risk from malicious, negligent, or compromised insiders. In this role, you'll combine investigative rigor with strong Data Loss Prevention (DLP) engineering skills to protect sensitive data and improve our detection capabilities over time.
You'll work cross-functionally with Human Resources, Legal, Compliance, and Corporate Security on sensitive matters, and you'll help mature our insider threat program through better telemetry, tuned controls, repeatable playbooks, and clear reporting.
What You'll Do (Key Responsibilities)
DLP Engineering & Operations (Core Focus)

• Administer and continuously tune DLP policies/rules to reduce risky data movement while minimizing false positives and business disruption.
• Investigate and respond to DLP alerts, validate severity, identify the data and pathway involved, and drive incident handling to resolution.
• Partner with stakeholders to refine data classification, detection logic, and control coverage across common exfil paths (email, web uploads, endpoints/USB, cloud sharing, collaboration platforms).
• Build and improve DLP-related playbooks, workflows, and response standards (triage steps, evidence collection, escalation paths, and post-incident improvements).

Insider Threat Monitoring & Investigation

• Monitor user activity signals (identity, endpoint, email, collaboration tools, cloud activity, etc.) to identify suspicious behavior and potential insider risk.
• Lead low to moderate-complexity investigations involving data misuse/exfiltration, policy violations, fraud indicators, or compromised accounts, and escalate higher-risk cases with strong evidence and timelines.
• Produce high-quality documentation: investigation notes, evidence packages, root cause summaries, and stakeholder-ready reports.
• What Success Looks Like (First 6-12 Months)
• DLP policies are measurably better tuned (lower false positives, higher signal quality), with documented rationale and change control.
• Investigations are timely, well-documented, and defensible, with clear outcomes and stakeholder communication.
• New or improved insider threat use cases/playbooks are implemented based on investigation learnings and emerging risk patterns.

Education and Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Behavioral Science, or equivalent practical experience.
• 3-5 years of progressive experience in cybersecurity, investigations, or risk management, including 1+ year hands-on in DLP operations and/or insider threat monitoring.
• Practical experience administering or operating DLP controls: policy creation, tuning, alert triage, incident response support, and reporting.
• Strong written and verbal communication skills, including the ability to brief stakeholders and document investigations clearly.
• Demonstrated discretion handling sensitive/confidential investigations.

Knowledge & Domain Familiarity

• Insider threat concepts: behavioral indicators, user activity monitoring, investigative methods, and evidence handling.
• Privacy/compliance/employment standards relevant to investigations (e.g., GDPR, HIPAA, SOX, CCPA) and the need-to-know principle.

Preferred Certifications (Nice to Have)

• GIAC GCIH
• CompTIA Security+ or CySA+
• CEH
• SSCP

What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora
Full time
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.
Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email [email protected]. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
Affiliated Companies
Affiliated Companies: AmerisourceBergen Services Corporation