What you'd actually do

Conduct end-to-end investigations into suspected insider risk activity such as data exfiltration, policy violations, fraud, IP theft, sabotage, and misuse of company resources.

Review and analyze telemetry including endpoint, identity and authentication, SaaS, application, and network logs.

Correlation events across different log sources to build defensible investigative timelines and attribution assessments.

Partner with stakeholders to deploy detections and implement strategies to prevent malicious activities by improving internal controls, policies, and procedures.

Demonstrate sound judgment and an ability to navigate high-priority, high-risk, and sensitive cases.

Skills

Required

8+ years of experience in an investigative role such as Insider Threat, Security Operations, Digital Forensics, Insider Response, or Corporate Investigations.
Demonstrated experience reviewing and correlating endpoint, application, network, and other logs.
Familiarity with security tools such as Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP), and Endpoint Detection and Response (EDR).
Proficient in interpreting evidence and reconstructing events.
Familiarity with criminal law, rules, legislation and internal policies.
Familiarity with all evidence types and the rules governing their admissibility.
Excellent written and verbal communication skills.
Understanding of insider risk typologies

Nice to have

Experience working cross-functionally with HR, Legal, and executive stakeholders.
Experience or interest in cryptocurrency is a plus.

What the JD emphasized

conducting quick-turnaround and in-depth investigations

confront high-priority and sensitive issues

significant ambiguity

conducting investigations specifically focused on SoFi employees

analyzing financial records for discrepancies

developing strategies to detect and mitigate risky behaviors and fraud

examining internal controls

documenting findings

preparing detailed reports

maintaining case files

evaluate how SoFi’s controls could be enhanced

escalated to the appropriate team for remediation

dealing with puzzles

seeking creative solutions

engaging with internal and external stakeholders

moving quickly while ensuring comprehensive results

data exfiltration

policy violations

fraud

IP theft

sabotage

misuse of company resources

telemetry

endpoint

identity and authentication

SaaS

application

network logs

Correlation events

log sources

defensible investigative timelines

attribution assessments

deploy detections

implement strategies to prevent malicious activities

improving internal controls, policies, and procedures

sound judgment

navigate high-priority, high-risk, and sensitive cases

Coordinate and collaborate with external parties

law enforcement agencies

legal counsel

regulatory bodies

Proactively partner with internal and external stakeholders and law enforcement agencies

priority, high-impact, or emerging typologies

Deliver clear, concise, and objective briefings

technical and non-technical stakeholders

Maintain case management system hygiene

complete documentation

evidence preservation

chain of custody integrity

Contribute to the development of playbooks, standards, and procedures

8+ years of experience in an investigative role

Insider Threat

Security Operations

Digital Forensics

Insider Response

Corporate Investigations

Demonstrated experience reviewing and correlating endpoint, application, network, and other logs

Familiarity with security tools

Security Information and Event Management (SIEM)

User and Entity Behavior Analytics (UEBA)

Data Loss Prevention (DLP)

Endpoint Detection and Response (EDR)

Proficient in interpreting evidence

reconstructing events

Familiarity with criminal law, rules, legislation and internal policies

Familiarity with all evidence types and the rules governing their admissibility

Excellent written and verbal communication skills

Understanding of insider risk typologies

**Employee Applicant Privacy Notice**

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

Role Overview

We are looking for a technical lead investigator to join the Internal Trust & Fraud Team. You will be responsible for conducting quick-turnaround and in-depth investigations covering a multitude of financial crimes and insider risk matters. In doing so, you will confront high-priority and sensitive issues from a variety of emerging and novel typologies with significant ambiguity. The Investigator will be responsible for conducting investigations specifically focused on SoFi employees and suspicious activities. The role consists of conducting investigations into misconduct by employees, analyzing financial records for discrepancies, and developing strategies to detect and mitigate risky behaviors and fraud. Key duties involve examining internal controls, documenting findings, preparing detailed reports, and maintaining case files.

In addition to conducting investigations and making recommendations on member or employee activity, you will also be asked to evaluate how SoFi’s controls could be enhanced to further detect and mitigate identified risks and typologies, and work with internal stakeholders to ensure the enhancements are escalated to the appropriate team for remediation.

The right person for this role will enjoy dealing with puzzles, seeking creative solutions, engaging with internal and external stakeholders, and moving quickly while ensuring comprehensive results.

Key Responsibilities

Conduct end-to-end investigations into suspected insider risk activity such as data exfiltration, policy violations, fraud, IP theft, sabotage, and misuse of company resources.
Review and analyze telemetry including endpoint, identity and authentication, SaaS, application, and network logs.
Correlation events across different log sources to build defensible investigative timelines and attribution assessments.
Partner with stakeholders to deploy detections and implement strategies to prevent malicious activities by improving internal controls, policies, and procedures.
Demonstrate sound judgment and an ability to navigate high-priority, high-risk, and sensitive cases.
Coordinate and collaborate with external parties, including law enforcement agencies, legal counsel, and regulatory bodies, when necessary.
Proactively partner with internal and external stakeholders and law enforcement agencies regarding priority, high-impact, or emerging typologies.
Deliver clear, concise, and objective briefings to both technical and non-technical stakeholders.
Maintain case management system hygiene, ensuring complete documentation, evidence preservation, and chain of custody integrity.
Contribute to the development of playbooks, standards, and procedures.

Required Qualifications

8+ years of experience in an investigative role such as Insider Threat, Security Operations, Digital Forensics, Insider Response, or Corporate Investigations.
Demonstrated experience reviewing and correlating endpoint, application, network, and other logs.
Familiarity with security tools such as Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP), and Endpoint Detection and Response (EDR).
Proficient in interpreting evidence and reconstructing events.
Familiarity with criminal law, rules, legislation and internal policies.
Familiarity with all evidence types and the rules governing their admissibility.
Excellent written and verbal communication skills.
Understanding of insider risk typologies

Nice to Haves

Experience working cross-functionally with HR, Legal, and executive stakeholders.
Experience or interest in cryptocurrency is a plus.

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our **Benefits at SoFi **page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.