Senior Information Security Engineer - DLP/Insider Threat
Listed on 2026-06-26
IT/Tech
Cybersecurity, Information Security, Data Security
Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all. Employer work visa sponsorship and support are not provided for this role. Applicants must be currently authorized to work in the United States at hire and must maintain authorization to work in the United States throughout their employment with our company.
Senior Information Security Engineer – DLP/Insider Threat
The Senior Information Security Engineer – DLP/Insider Threat helps protect athenahealth’s sensitive company, customer, workforce, and healthcare data. This role supports the operation and improvement of data loss prevention and insider risk capabilities across endpoint, email, SaaS, cloud, collaboration, identity, and security platforms. This is a hands‑on, engineering‑focused role with an emphasis on tool configuration, alert tuning, technical troubleshooting, evidence quality, workflow improvement, and cross‑functional response.
About the Team
This team supports data protection and insider risk capabilities that help safeguard PHI, PII, confidential business data, intellectual property, credentials, and other sensitive or regulated information. The work spans security tooling, alert triage, investigations, policy tuning, and operational support in partnership with multiple security and business teams.
Essential Job Responsibilities
DLP and Insider Risk Platform Operations
- Configure, monitor, and tune DLP, UEBA, DSPM/SSPM, and insider risk controls.
- Support tools such as Cyberhaven, Proofpoint, CrowdStrike, and Splunk.
- Maintain policies, classifiers, thresholds, exceptions, alert routing, and workflow logic.
- Support protection for PHI, PII, confidential business data, IP, credentials, and other sensitive data.
- Troubleshoot tooling issues, endpoint policy behavior, telemetry gaps, alert quality, and coverage concerns.
- Validate data flows, integrations, event quality, and control effectiveness with platform owners and security partners.
- Identify improvements that reduce false positives, increase detection fidelity, and improve reliability.
- Triage alerts involving sensitive data movement, endpoint activity, SaaS usage, email exfiltration, external sharing, removable media, personal cloud storage, unusual user behavior, and AI tool usage.
- Escalate cases to the Cybersecurity Operations Center as needed.
- Correlate findings across security tools when needed.
- Investigate data movement and user activity to identify policy tuning opportunities and potential incidents.
- Assess potential sensitive data exposure through AI workflows where telemetry is available.
- Recommend and help implement improvements that reduce data loss risk while preserving productivity and user experience.
- Maintain playbooks, SOPs, dashboards, metrics, reports, escalation paths, and evidence‑handling practices.
- Partner with Incident Response, Cloud Security, Access Control, Endpoint Engineering, Privacy, Legal, Compliance, HR, and business stakeholders.
- Support alert routing, case workflows, integrations, and automation improvements.
- Support audits, control testing, and reporting related to HIPAA, data protection, and information security requirements.
- Cross‑train team members in tool administration, workflows, and troubleshooting.
- Serve as backup support for team responsibilities and workflows.
- Participate in 24×7 on‑call responsibilities.
- Bachelor’s degree or equivalent practical experience.
- Strong foundational skills in operating system, hardware, software, and network troubleshooting.
- Experience in information security, DLP, insider risk, UEBA, security operations, endpoint security, data/SaaS/AI security posture management, email security, or related technical security work.
- Hands‑on experience administering, monitoring, or tuning enterprise security tools such as DLP, insider risk, UEBA, email security, endpoint security, cloud security posture, secrets detection, SIEM, or case management platforms.
- Exp…