Insider Threat Analyst

Coinbase
US
Remote

Who this role is best for

Best suited to mid-level security professionals with experience in insider threat detection and investigations working in a remote-first but quarterly in-person environment.

Best fit for

  • Security operations professionals with hands-on experience in SIEM, UBA, and DLP technologies.
    — “hands-on use of insider threat technologies (SIEM, UBA, DLP, endpoint detection)
  • Investigators skilled in evidence collection and stakeholder coordination for sensitive employee matters.
    — “evidence collection, interviewing techniques, and stakeholder coordination
  • Analysts who can translate complex security findings into clear leadership briefs.
    — “translate complex security problems into clear, actionable recommendations

Things to consider

  • Quarterly in-person working sessions required despite remote-first policy.
    — “Expect to get together quarterly for intense in-person working sessions
  • Must handle sensitive information with legal and ethical considerations.
    — “legal, regulatory, and ethical considerations of handling sensitive information

How to stand out

  • Showcase experience in financial crimes or fraud detection beyond basic security roles.
    — “fraud detection, financial crimes investigation, intellectual property theft
  • Highlight any blockchain or cryptocurrency knowledge, even if tangential.
    — “familiar with blockchains, cryptocurrency, and onchain projects
  • Demonstrate ability to improve processes, not just execute tasks.
    — “Drive improvements to insider threat detection by identifying recurring control gaps
Pace · Fast PacedCollaboration · HighAutonomy · MediumDecision Impact · CompanyLevel · Mid Level

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • effective detection and mitigation of insider threats
  • improvements to insider threat detection
Typical background
3+ years of experience in insider threat, security operations, investigations, fraud detection

Skills & requirements

Required

Insider Threat DetectionInvestigationSecurity OperationsLegal And Regulatory ComplianceData AnalysisSIEMUBADLPEndpoint Detection

Preferred

Cissp CertificationIncident ResponseData ProtectionRisk ManagementCounterintelligenceFraud Detection

Stack & domain

SiemUbaDlpEndpoint DetectionLog AnalysisCommunicationAnalytical AbilityCisspFinance

About the role

Original posting from Coinbase

Ready to do the most impactful work of your career? At Coinbase, we are uncompromising on our mission to increase economic freedom. The bar is high, the environment is intense, and we like it that way. This isn't a place for complacency, it’s a place to be pushed past your perceived limits. If you're ready to build the future of finance alongside people who refuse to settle for "good enough," you belong here. Coinbase is a remote-first, but not remote-only company. Expect to get together quarterly for intense in-person working sessions called “surges.” learn more about working at Coinbase.

You'll join the Insider Threat team within Coinbase's Security Operations organization as an Insider Threat Analyst. This team protects billions of dollars in digital assets and the trust of millions of customers by detecting, investigating, and mitigating threats from inside the organization. You'll serve as the front line for insider threat detection, triaging alerts, conducting investigations, and partnering cross-functionally with Security, Legal, HR, and business teams to safeguard Coinbase as it scales globally.

What you’ll be doing (ie. job duties):

Execute alert triage, correlation, and analysis across insider threat detection systems (SIEM, UBA, DLP, endpoint detection), prioritizing findings and escalating recommendations for investigation and mitigation.

Support investigations end to end, from initial triage and evidence collection through employee interviews and stakeholder coordination, delivering clear documentation of findings, risk assessment, and recommended next steps.

Partner with Security, Legal, HR, and business teams to design and execute processes that identify and mitigate insider risks, including abuse and misuse across company systems.

Build case documentation and investigative reports that translate complex technical findings into concise, decision-ready briefs and assessments for leadership and cross-functional stakeholders.

Drive improvements to insider threat detection by identifying recurring control gaps, refining alerting logic, and recommending scalable solutions that reduce insider risk across the organization.

What we look for in you (ie. job requirements): 

3+ years of experience in insider threat, security operations, investigations, fraud detection, or a closely related discipline, with hands-on use of insider threat technologies (SIEM, UBA, DLP, endpoint detection) and log analysis.

Demonstrated experience conducting or supporting investigations involving sensitive employee matters, including evidence collection, interviewing techniques, and stakeholder coordination.

Proven ability to translate complex security problems into clear, actionable recommendations, including composing investigative briefs and assessments consumed by leadership.

Working knowledge of the insider threat landscape, including legal, regulatory, and ethical considerations of handling sensitive information, and experience with customer service tools or financial analysis.

Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.

Nice to haves:

CISSP, or other security credentials

You love analyzing data and identifying disparities and trends

You’ve got experience in one or more of the following areas: incident response, data protection, risk management, counterintelligence, investigations, fraud detection, financial crimes investigation, intellectual property theft, access and identity management, or IT engineering

You are comfortable with a fast-paced tech environment and learn quickly

You’re familiar with blockchains, cryptocurrency, and onchain projects (or at least a good story about how you thought about investing in Bitcoin in 2014 but decided not to).

Position ID:  P77055

#LI-Remote

Pay Transparency Notice: Base salary varies by location (see range below). Total compensation may also include equity and bonus eligibility, and benefits (medical, dental, vision, 401(k)). 

 

Annual base salary range (excluding equity and bonus):$135,320—$159,200 USDPlease be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying.

Commitment to Equal Opportunity

Coinbase is proud to be an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law.  For US applicants, you may view the Employee Rights and the Know Your Rights notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law. 

Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information.   For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here.    

AI Disclosure

For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description.  

For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate. 

The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment. To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com

Source: Coinbase careers

Similar roles