Easy Apply
Easy Apply
Triage and investigate insider threat alerts using SIEM, UBA, DLP, and endpoint detection; collect evidence, conduct interviews, coordinate with Legal/HR, produce investigative reports, and recommend mitigations and detection improvements.
Ready to do the most impactful work of your career? At Coinbase, we are uncompromising on our mission to increase economic freedom. The bar is high, the environment is intense, and we like it that way. This isn't a place for complacency, it’s a place to be pushed past your perceived limits. If you're ready to build the future of finance alongside people who refuse to settle for "good enough," you belong here. Coinbase is a remote-first, but not remote-only company. Expect to get together quarterly for intense in-person working sessions called “surges.” learn more about working at Coinbase.
You'll join the Insider Threat team within Coinbase's Security Operations organization as an Insider Threat Analyst. This team protects billions of dollars in digital assets and the trust of millions of customers by detecting, investigating, and mitigating threats from inside the organization. You'll serve as the front line for insider threat detection, triaging alerts, conducting investigations, and partnering cross-functionally with Security, Legal, HR, and business teams to safeguard Coinbase as it scales globally.
What you'll do:
- Execute alert triage, correlation, and analysis across insider threat detection systems (SIEM, UBA, DLP, endpoint detection), prioritizing findings and escalating recommendations for investigation and mitigation.
- Support investigations end to end, from initial triage and evidence collection through employee interviews and stakeholder coordination, delivering clear documentation of findings, risk assessment, and recommended next steps.
- Partner with Security, Legal, HR, and business teams to design and execute processes that identify and mitigate insider risks, including abuse and misuse across company systems.
- Build case documentation and investigative reports that translate complex technical findings into concise, decision-ready briefs and assessments for leadership and cross-functional stakeholders.
- Drive improvements to insider threat detection by identifying recurring control gaps, refining alerting logic, and recommending scalable solutions that reduce insider risk across the organization.
Required Skills and Experience:
- 2+ years of experience in insider threat, security operations, investigations, fraud detection, or a closely related discipline, with hands-on use of insider threat technologies (SIEM, UBA, DLP, endpoint detection) and log analysis.
- Demonstrated experience conducting or supporting investigations involving sensitive employee matters, including evidence collection, interviewing techniques, and stakeholder coordination.
- Proven ability to translate complex security problems into clear, actionable recommendations, including composing investigative briefs and assessments consumed by leadership.
- Working knowledge of the insider threat landscape, including legal, regulatory, and ethical considerations of handling sensitive information, and experience with customer service tools or financial analysis.
- Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.
Position ID: P77055
#LI-Remote
Pay Transparency Notice: Base salary varies by location (see range below). Total compensation may also include equity and bonus eligibility, and benefits (medical, dental, vision, 401(k)).
Annual base salary range (excluding equity and bonus):
$135,320—$159,200 USD
- Application Limit: Candidates may submit a maximum of 3 applications within a 6-month period.
- Equal Opportunity Employer: Coinbase is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or genetic information. Applicants with criminal histories will be considered consistent with applicable federal, state, and local laws.
- US Applicants: View Employee Rights, Know Your Rights, and E-Verify Notice of Participation.
- Accommodations: If you are an individual with a disability who needs a reasonable accommodation, email us your request and contact info at accommodations[at]coinbase.com. Need screen reading technology? Click here to download a free compatible screen reader and view the tutorial.
- Data Privacy & Arbitration: By submitting your application, you agree to our Candidate Privacy Notice. US applicants: By submitting your application, you agree to Arbitration of Disputes.
- AI Disclosure: Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. Coinbase will not use AI to make decisions impacting employment.
Similar Jobs at Coinbase
.png)
Artificial Intelligence • Blockchain • Fintech • Financial Services • Cryptocurrency • NFT • Web3
Lead end-to-end insider threat investigations, triage alerts from SIEM/UBA/DLP/endpoint signals, collect evidence and conduct interviews, produce decision-ready briefs and risk assessments, drive detection and automation improvements, and partner with Legal, HR, and business teams to reduce insider risk at scale.
Top Skills:
DlpEndpoint DetectionGenerative AiLog AnalysisSIEMUba
Artificial Intelligence • Blockchain • Fintech • Financial Services • Cryptocurrency • NFT • Web3
Design, build, and maintain Salesforce applications and integrations to support institutional sales, billing, and compliance. Own end-to-end feature delivery, collaborate with product and business stakeholders, ensure engineering quality through reviews and documentation, mentor junior engineers, and support operations via on-call rotations and incident triage.
Top Skills:
ApexCi/CdEtl ToolingExperience CloudFlowsGeminiGenerative Ai Tools (LibrechatGitGlean)Lightning Web ComponentsMiddleware PlatformsMulti-Sandbox Environment ManagementPackagingPlatform EventsRelease ManagementRest ApisSales CloudSalesforceService Cloud
Artificial Intelligence • Blockchain • Fintech • Financial Services • Cryptocurrency • NFT • Web3
Build software at Coinbase while responsibly using and integrating generative AI copilots (e.g., LibreChat, Gemini, Glean). Continuously learn evolving tools, apply human-in-the-loop practices, and deliver business-ready outputs that improve efficiency, cost, and quality. Participate in quarterly in-person working sessions as part of a remote-first culture.
Top Skills:
GeminiGleanLibrechat
What you need to know about the Chicago Tech Scene
With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.
Key Facts About Chicago Tech
- Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
- Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
- Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
- Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory
