About the Role
The Data and Insider Threat Security Engineer will design and implement technical controls to protect sensitive data and detect, investigate, and reduce insider-driven risk across the organization. This role will help establish secure monitoring and response patterns for data access, data movement, privileged activity, and anomalous user behavior, while working with data, infrastructure, IAM, cloud, HR, legal, and SOC teams to strengthen data security and insider threat detection capabilities.
Key responsibilities
- Develop and maintain insider threat and data misuse threat models covering unauthorized access, excessive privilege use, data exfiltration, privilege abuse, sabotage, policy circumvention, anomalous user behavior, third-party misuse, and negligent handling of sensitive information.
- Define security requirements and reference architectures for protecting sensitive data across endpoints, email, SaaS, cloud storage, file shares, databases, analytics platforms, and collaboration tools.
- Design and implement controls for data classification, labeling, discovery, access governance, encryption, tokenization where applicable, and monitoring of sensitive data flows across structured and unstructured environments.
- Establish technical controls for insider risk detection, including user activity monitoring, behavioral analytics, DLP policies, access anomaly detection, session logging, and privileged activity oversight.
- Work with IAM, PAM, endpoint, cloud, and platform teams to secure identities, service accounts, privileged access paths, and high-risk administrative activities that could lead to insider misuse or data loss.
- Build and tune detections for suspicious access patterns, unusual downloads, bulk transfers, policy violations, data staging, removable media activity, abnormal sharing behavior, and attempts to bypass security controls.
- Integrate telemetry from DLP, UEBA, IAM, PAM, EDR/XDR, email security, SaaS platforms, cloud logs, and data repositories into SIEM and SOAR workflows for triage, enrichment, and case management.
- Partner with SOC, HR, legal, privacy, compliance, and internal audit teams to support insider threat investigations, evidence handling, escalation criteria, and response playbooks in line with legal and privacy requirements.
- Design and execute use case validation, detection testing, and control assurance exercises for insider risk and sensitive data protection scenarios.
- Support monitoring of high-risk populations, critical assets, and sensitive business processes using a risk-based approach aligned with business context and approved governance controls.
- Contribute to insider threat standards, data protection requirements, monitoring governance, retention requirements, and third-party security assessments involving access to sensitive data.
- Produce operational metrics and reporting on alert quality, detection coverage, false positives, investigation outcomes, control effectiveness, and data protection posture improvements.
About You
- 5+ years of experience in cybersecurity, security engineering, data security, detection engineering, insider risk, security operations, or security architecture.
- Strong foundation in data security, IAM, DLP, SIEM, UEBA, endpoint security, cloud security, or security monitoring architecture.
- Demonstrated understanding of insider threat concepts, including misuse of authorized access, anomalous behavior detection, data exfiltration techniques, and risk indicators across users, devices, and repositories.
- Experience designing or securing controls around access to sensitive data, privileged access, service-to-service access, and user activity logging.
- Familiarity with data protection architecture across M365, endpoints, file stores, databases, cloud platforms, and SaaS environments.
- Working knowledge of SIEM, SOAR, DLP, UEBA, case management, and evidence preservation practices used in insider risk detection and response.
- Ability to work effectively with infrastructure teams, IAM teams, legal, HR, privacy, and business stakeholders to implement controls without creating unnecessary operational friction.
- Strong communication, documentation, and stakeholder engagement capability.
- Demonstrated experience in building detections, tuning analytics, investigating anomalous user behavior, or implementing data security controls through operational projects or engineering work.
Nice to have
- Hands-on experience with Microsoft Purview, Microsoft Defender, Sentinel, DLP or similar insider risk and data protection platforms.
- Experience securing and monitoring M365, SaaS collaboration platforms, cloud storage, and enterprise file-sharing services.
- Experience with UEBA, insider risk programs, digital forensics, or investigation support.
- Programming or scripting capability in Python, PowerShell, KQL, or SQL.
- Experience integrating data security and insider threat telemetry into SIEM, SOAR, ITSM, or case management workflows.
- Familiarity with privacy, labor, evidence-handling, and monitoring governance requirements in multinational environments.
- Exposure to high-risk user monitoring, critical asset protection, and cross-functional insider threat working groups.
About Us
At 30 Jun 2025, the Group and its associates operated over 7,500 outlets and employed over 83,000 people. The Group had total annual revenue in 2024 exceeding US$24.9 billion.
The Group is dedicated to delivering quality, value and service to Asian consumers through a compelling retail experience, supported by an extensive store network and highly efficient supply chains. The Group, including its associates, operates a portfolio of well-known brands across five key divisions: health and beauty, convenience, food, home furnishings, and restaurants.
The Group's parent company, DFI Retail Group Holdings Limited, is incorporated in Bermuda and has a primary listing in the equity shares (transition) category of the London Stock Exchange, with secondary listings in Bermuda and Singapore. The Group's businesses are managed from Hong Kong.
DFI Retail Group is a member of the Jardine Matheson Group.