Role in brief
Coinbase is seeking a Senior Insider Threat Analyst to lead investigations and enhance detection processes within its Security Operations team. This role involves protecting digital assets and customer trust by mitigating internal threats. Candidates with a strong background in security investigations, insider threat technologies, and cross-functional collaboration will be well-suited for this remote position.
About the role
This Senior Insider Threat Analyst position is within Coinbase's Security Operations organization, focusing on safeguarding digital assets and customer trust. The role involves detecting, investigating, and mitigating internal threats using a combination of tools, automation, and strategic expertise. The successful candidate will be responsible for owning complex investigations from start to finish, including evidence collection, interviews, and coordination with various stakeholders.
A key part of this role is leading detection and analysis efforts. This includes prioritizing alert reviews across insider threat technologies like SIEM, UBA, DLP, and endpoint detection, as well as correlating signals to identify patterns. The analyst will also collaborate with Security, Legal, HR, and business teams to develop and refine processes that reduce insider risk and address control gaps.
Success in this position means shaping the team's investigative and analytical capabilities. This involves refining alerting logic, developing scalable detection improvements, and mentoring junior analysts. The role also requires strengthening communication by preparing clear, decision-ready briefs and assessments for senior leadership, translating complex findings into concise narratives with actionable recommendations.
The annual base salary for this remote position ranges from $167,280 to $196,800 USD, with total compensation potentially including equity and bonus eligibility.
Skills that matter here
- insider threat: This role requires deep hands-on expertise in identifying and mitigating threats originating from within the organization.
- security investigations: The analyst will lead complex investigations, from initial triage and evidence collection to stakeholder coordination and reporting.
- SIEM: Experience with Security Information and Event Management systems is crucial for prioritizing alert reviews and correlating security signals.
- UBA: Knowledge of User Behavior Analytics tools will be used to detect suspicious patterns and enhance threat detection capabilities.
- DLP: Data Loss Prevention technologies are essential for monitoring and preventing unauthorized data exfiltration.
- log analysis: The ability to analyze logs is fundamental for correlating signals and identifying patterns during investigations.
Who this role suits
- A person who thrives on independently leading sensitive investigations and coordinating across multiple internal departments.
- Someone with a proven ability to identify systemic issues and drive improvements in detection and response processes.
- An individual skilled at translating complex technical and behavioral findings into clear, concise communications for senior leadership.
- A professional who applies sound judgment within legal and ethical frameworks governing insider threat programs.
From the employer
- Own complex insider threat investigations end to end, from triage and evidence collection through employee interviews and stakeholder coordination, delivering clear findings, risk assessments, and actionable recommendations to leadership.
- Lead detection and analysis efforts by prioritizing alert reviews across insider threat technologies (SIEM, UBA, DLP, endpoint detection), correlating signals, and identifying patterns that inform broader mitigation strategies.
- Partner cross-functionally with Security, Legal, HR, and business teams to design, implement, and refine processes that systematically reduce insider risk and close recurring control gaps at scale.
- Shape the team's investigative and analytical capabilities by refining alerting logic, developing scalable detection improvements, and mentoring junior analysts on tradecraft, evidence handling, and stakeholder communication.
- Strengthen reporting and stakeholder communication by composing decision-ready briefs and assessments for senior leadership, translating complex investigative findings into concise narratives with clear risk context and recommended next steps.
- 5+ years of experience in insider threat, security investigations, counterintelligence, fraud detection, or a closely related discipline, with deep hands-on expertise in insider threat technologies (SIEM, UBA, DLP, endpoint detection) and log analysis.
- Track record of independently leading complex, sensitive investigations involving employee matters, including evidence collection, interviewing techniques, and coordination across Legal, HR, and business stakeholders.
- Demonstrated ability to identify systemic control gaps and drive scaled improvements to insider threat detection and response processes, including refining alerting logic and recommending automation opportunities.
- Proven experience composing investigative briefs, risk assessments, and analytical products consumed by senior leadership, with the ability to translate complex technical and behavioral findings into concise, decision-ready narratives.
- Working knowledge of the legal, regulatory, and ethical frameworks governing insider threat programs, with experience applying sound judgment when handling highly sensitive and confidential information.
- Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.
- Base salary varies by location (see range below). Total compensation may also include equity and bonus eligibility, and benefits (medical, dental, vision, 401(k)).
- Annual base salary range (excluding equity and bonus): $167,280–$196,800 USD.
Questions about this role
What is the remote work policy for this role?
This is a remote-first position, but the company also holds quarterly in-person working sessions called “surges.”
What level of seniority is expected for this position?
This is a senior-level role, requiring at least 5 years of experience in relevant fields.
What specific technologies are relevant to this role?
The role requires expertise in insider threat technologies such as SIEM, UBA, DLP, and endpoint detection, along with log analysis.