Insider Threat Analyst

Ready to do the most impactful work of your career? At Coinbase, we are uncompromising on our mission to increase economic freedom. The bar is high, the environment is intense, and we like it that way. This isn't a place for complacency, it's a place to be pushed past your perceived limits. If you're ready to build the future of finance alongside people who refuse to settle for "good enough," you belong here. Coinbase is a remote-first, but not remote-only company. Expect to get together quarterly for intense in-person working sessions called "surges."

You'll join the Insider Threat team within Coinbase's Security Operations organization. This team protects billions of dollars in digital assets and the trust of millions of customers by detecting, investigating, and mitigating threats from inside the organization. You'll serve as the front line for insider threat detection, triaging alerts, conducting investigations, and partnering cross-functionally with Security, Legal, HR, and business teams to safeguard Coinbase as it scales globally.

What you'll be doing

• Execute alert triage, correlation, and analysis across insider threat detection systems (SIEM, UBA, DLP, endpoint detection), prioritizing findings and escalating recommendations for investigation and mitigation.
• Support investigations end to end, from initial triage and evidence collection through employee interviews and stakeholder coordination, delivering clear documentation of findings, risk assessment, and recommended next steps.
• Partner with Security, Legal, HR, and business teams to design and execute processes that identify and mitigate insider risks, including abuse and misuse across company systems.
• Build case documentation and investigative reports that translate complex technical findings into concise, decision-ready briefs and assessments for leadership and cross-functional stakeholders.
• Drive improvements to insider threat detection by identifying recurring control gaps, refining alerting logic, and recommending scalable solutions that reduce insider risk across the organization.

What we look for in you

• 3+ years of experience in insider threat, security operations, investigations, fraud detection, or a closely related discipline, with hands-on use of insider threat technologies (SIEM, UBA, DLP, endpoint detection) and log analysis.
• Demonstrated experience conducting or supporting investigations involving sensitive employee matters, including evidence collection, interviewing techniques, and stakeholder coordination.
• Proven ability to translate complex security problems into clear, actionable recommendations, including composing investigative briefs and assessments consumed by leadership.
• Working knowledge of the insider threat landscape, including legal, regulatory, and ethical considerations of handling sensitive information, and experience with customer service tools or financial analysis.
• Utilizes generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.

Nice to haves

• CISSP, or other security credentials.
• You love analyzing data and identifying disparities and trends.
• Experience in one or more of the following areas: incident response, data protection, risk management, counterintelligence, investigations, fraud detection, financial crimes investigation, intellectual property theft, access and identity management, or IT engineering.
• You are comfortable with a fast-paced tech environment and learn quickly.
• You're familiar with blockchains, cryptocurrency, and onchain projects.

Compensation and Additional Information

Position ID: P77055

Annual base salary range (excluding equity and bonus): $135,320 USD - $159,200 USD.

Coinbase is an Equal Opportunity Employer. We are committed to providing reasonable accommodations to individuals with disabilities. Please contact [email protected] for assistance.