SanDisk

Senior Cyber Security Engineer

Company

SanDisk

Role

Senior Cyber Security Engineer

Location

Batu Kawan, Penang, Malaysia

Job type

Full-time

Posted

4 hours ago

Salary

Not disclosed by employer

Job description

We are seeking an experienced and proactive Senior Cyber Security Engineer to join our Global Cyber Security Operations team. The role calls for an experienced security professional responsible for executing and supporting cybersecurity operations globally, with a focus on our manufacturing facility. Its primary focus is global insider risk management and data loss prevention (DLP), alongside hands‑on operational support for local manufacturing risks. You will work closely with our Security Operations Center (SOC), incident response teams, and other IT stakeholders to stay ahead of emerging threats and ensure we’re able to build great products securely.

ESSENTIAL DUTIES AND RESPONSIBILITIES: 

Insider Risk Management & Data Protection

  • Assist in the management and configuration of Sandisk governance controls related to data security.
  • Execute day‑to‑day operations of insider risk management and data security controls using Microsoft Purview, MIP, IRM, and DLP technologies.
  • Monitor, triage, and investigate insider risk alerts and data loss events using Microsoft Purview, Microsoft Defender, and SIEM tooling, following defined procedures and escalation paths.
  • Conduct detailed analysis and documentation of insider risk and data protection incidents, including evidence handling and recommended follow‑up actions.
  • Support tuning and refinement of DLP and insider risk policies to improve signal quality and reduce false positives, in coordination with platform owners and senior analysts.

Endpoint Detection, Response & Manufacturing Security

  • Perform hands‑on monitoring, investigation, and response activities using Microsoft Defender for Endpoint and CrowdStrike Falcon in an enterprise environment.
  • Investigate endpoint‑based alerts affecting manufacturing office systems, engineering workstations, and privileged users, correlating activity across EDR, identity, and data signals.
  • Support incident response efforts impacting the manufacturing site, including containment actions, evidence collection, and post‑incident documentation.
  • Maintain awareness of manufacturing‑specific risks, including engineering workflows, shared systems, and IP‑sensitive environments.

Automation, Scripting & Analysis

  • Use scripting and basic programming to support investigations, data analysis, and operational efficiency.
  • Develop and maintain simple scripts or queries (e.g., PowerShell, Python, KQL) to assist with alert triage, log analysis, data validation, and reporting.
  • Leverage scripting to reduce repetitive manual tasks while operating within established security tooling and change controls.

Work Style & Attributes

  • Self‑motivated and dependable, with a strong work ethic in an on‑site, semi‑isolated environment.
  • Comfortable operating as an individual contributor with defined scope and responsibilities.
  • Collaborative and approachable, with a service‑oriented mindset toward local manufacturing and IT teams.
  • Detail‑oriented and risk‑aware, with an appreciation for balancing security controls against manufacturing uptime and business impact.
  • Strong analytical and critical-thinking skills with high attention to detail.
  • Clear and concise written and verbal communication, including to non-technical stakeholders.
  • Ability to remain composed and effective under pressure during active security incidents.
  • Team-oriented and collaborative with a proactive, security-first mindset.
  • Ability to approach security challenges with genuine curiosity and a questioning attitude, consistently digging deeper to understand the "why" behind alerts, behaviors, and anomalies rather than accepting surface-level conclusions.

REQUIRED:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience.
  • 4–8 years of experience in cybersecurity operations, data security, insider risk, or a related information security role.
  • Knowledge of insider risk, data protection, and privacy concepts in IP‑sensitive or regulated industries.
  • Familiarity with enterprise IT environments including Windows/Linux systems, Active Directory, and cloud platforms.
  • Demonstrated experience investigating security incidents, data loss events, or policy violations.
  • Experience supporting cybersecurity operations in manufacturing or OT‑adjacent environments.
  • Familiarity with manufacturing, engineering, or industrial environments and an understanding of how they differ from traditional IT settings.
  • Strong analytical, documentation, and evidence‑handling skills.
  • Ability to work independently within defined scope, applying judgment while following established procedures and escalation paths.
  • Strong communication skills for working with non‑security stakeholders in a manufacturing setting.

SKILLS:

  • Proficiency in log analysis and event correlation across multiple data sources.
  • Working knowledge of attacker TTPs mapped to the MITRE ATT&CK framework.
  • Understanding of network protocols, traffic analysis, and common attack vectors.
  • Familiarity with scripting languages (Python, PowerShell, KQL/SPL) for investigation and automation.
  • Experience with case management platforms (ServiceNow, Jira, or similar ITSM tools).
  • Experience with security tools such as SIEM (Sentinel, Splunk), EDR (CrowdStrike, SentinelOne, Defender), or email security platforms.
  • Hands‑on experience operating Microsoft Purview, MIP, IRM, and DLP technologies in an enterprise environment.
  • Understanding of the NIST CSF, incident response lifecycle, and the cyber kill chain model.

Sandisk thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Sandisk is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@sandisk.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

NOTICE TO CANDIDATES: Sandisk has received reports of scams where a payment is requested on Sandisk’s behalf as a condition for receiving an offer of employment. Please be aware that Sandisk and its subsidiaries will never request payment as a condition for applying for a position or receiving an offer of employment. Should you encounter any such requests, please report them immediately to the Sandisk Ethics Helpline or email compliance@sandisk.com.
