We are seeking an experienced and proactive Senior Cyber Security Engineer to join our Global Cyber Security Operations team. The role is responsible for executing and supporting cybersecurity operations globally, with a focus on our manufacturing facility. Its primary focus is global insider risk management and data loss prevention (DLP), and it also provides hands‑on operational support for local manufacturing risks. You will work closely with our Security Operations Center (SOC), incident response teams, and other IT stakeholders to stay ahead of emerging threats and ensure we’re able to build great products securely.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Insider Risk Management & Data Protection
- Assist in the management and configuration of Sandisk governance controls related to data security.
- Execute day‑to‑day operations of insider risk management and data security controls using Microsoft Purview, MIP, IRM, and DLP technologies.
- Monitor, triage, and investigate insider risk alerts and data loss events using Microsoft Purview, Microsoft Defender, and SIEM tooling, following defined procedures and escalation paths.
- Conduct detailed analysis and documentation of insider risk and data protection incidents, including evidence handling and recommended follow‑up actions.
- Support tuning and refinement of DLP and insider risk policies to improve signal quality and reduce false positives, in coordination with platform owners and senior analysts.
Endpoint Detection, Response & Manufacturing Security
- Perform hands‑on monitoring, investigation, and response activities using Microsoft Defender for Endpoint and CrowdStrike Falcon in an enterprise environment.
- Investigate endpoint‑based alerts affecting manufacturing office systems, engineering workstations, and privileged users, correlating activity across EDR, identity, and data signals.
- Support incident response efforts impacting the manufacturing site, including containment actions, evidence collection, and post‑incident documentation.
- Maintain awareness of manufacturing‑specific risks, including engineering workflows, shared systems, and IP‑sensitive environments.
Automation, Scripting & Analysis
- Use scripting and basic programming to support investigations, data analysis, and operational efficiency.
- Develop and maintain simple scripts or queries (e.g., PowerShell, Python, KQL) to assist with alert triage, log analysis, data validation, and reporting.
- Leverage scripting to reduce repetitive manual tasks while operating within established security tooling and change controls.
Work Style & Attributes
- Self‑motivated and dependable, with a strong work ethic in an on‑site, semi‑isolated environment.
- Comfortable operating as an individual contributor with defined scope and responsibilities.
- Collaborative and approachable, with a service‑oriented mindset toward local manufacturing and IT teams.
- Detail‑oriented and risk‑aware, with an appreciation for balancing security controls against manufacturing uptime and business impact.
- Strong analytical and critical-thinking skills with high attention to detail.
- Clear and concise written and verbal communication, including to non-technical stakeholders.
- Ability to remain composed and effective under pressure during active security incidents.
- Team-oriented and collaborative with a proactive, security-first mindset.
- Ability to approach security challenges with genuine curiosity and a questioning attitude, consistently digging deeper to understand the "why" behind alerts, behaviors, and anomalies rather than accepting surface-level conclusions.