Sr Cybersecurity Engineer
Job description
At NiSource, our Enterprise Security department engineers sophisticated defenses to protect the critical cyber and operational infrastructure that powers our business. The Sr Cybersecurity Engineer - Insider Threat serves as a senior technical leader responsible for designing, engineering, and operationalizing capabilities that detect, prevent, and respond to insider risk across enterprise IT, cloud, and operational environments.
This role focuses on the identification of malicious, negligent, and compromised-user behaviors through advanced monitoring, analytics, behavioral detection, and data protection controls. The Sr Cybersecurity Engineer partners closely with Security Operations, HR, Legal, Compliance, Privacy, and Data Governance to ensure insider risk capabilities are technically sound, legally defensible, and aligned to regulatory obligations (e.g., NIST CSF, NERC CIP where applicable).
The engineer builds and sustains technical controls across identity systems, endpoint telemetry, DLP platforms, UEBA solutions, cloud environments, and security data platforms. This role is responsible for translating insider threat risk into actionable detection logic, automation, and engineered safeguards that protect intellectual property, customer data, and critical infrastructure.
This position plays a strategic role in enabling trusted workforce operations while reducing organizational risk through measurable, defensible insider threat detection and mitigation capabilities.
Key Disciplines for Insider Threat Engineering
- User & Entity Behavior Analytics (UEBA): Designing behavioral baselines and anomaly detection models leveraging SIEM, XDR, and data lake platforms.
- Data Loss Prevention (DLP) & Data Protection Engineering: Engineering and tuning controls across endpoint, cloud, email, collaboration platforms, and SaaS applications.
- Identity & Access Risk Engineering: Advanced IAM integrations, privileged access monitoring, identity anomaly detection, and federation risk analysis.
- Security Data Engineering & Analytics: Integrating telemetry from endpoints, identity providers, SaaS platforms, badge systems, and HR systems into unified detection pipelines.
- Insider Threat Detection Engineering: Developing high-fidelity use cases aligned to insider kill chains (data staging, privilege abuse, exfiltration, policy violations).
- Cloud & SaaS Monitoring: Engineering monitoring for M365, Azure, collaboration platforms, and other enterprise SaaS environments.
- Forensics & Investigative Support: Engineering audit retention, chain-of-custody readiness, and evidence collection capabilities.
- Automation & Response Orchestration: Building automated workflows for investigation, containment, and escalation.
- Regulatory & Privacy-Aware Monitoring: Designing monitoring solutions that balance workforce privacy considerations with enterprise risk reduction.
- AI/ML-Driven Risk Modeling: Leveraging advanced analytics to enhance anomaly detection, insider risk scoring, and alert prioritization.
Essential Functions
- Develop and fine-tune security monitoring tools.
- Engineer solutions for incident detection and response.
- Implement patches and remediations.
- Engineer secure network and system architectures.
- Implement IAM solutions.
- Automate compliance monitoring and reporting.
- Integrate threat intelligence into security tools.
- Develop training materials and simulations.
- Implement cloud security controls and measures.
- Analyze pen-testing results and engineer defenses.
- Enforce policy adherence through technical solutions.
- Pilot new security solutions.

- Standing - Occasionally
- Walking - Occasionally
- Sitting - Constantly
- Lifting - Rarely
- Carrying - Rarely
- Pushing - Rarely
- Pulling - Rarely
- Climbing - Rarely
- Balancing - Rarely
- Stooping - Rarely
- Kneeling - Rarely
- Crouching - Rarely
- Crawling - Rarely
- Reaching - Rarely
- Handling - Occasionally
- Grasping - Occasionally
- Feeling - Rarely
- Talking - Constantly
- Hearing - Constantly
- Repetitive Motions - Frequently
- Eye/Hand/Foot Coordination - Frequently
The preceding description is not designed to be a complete list of all duties and responsibilities required of the position.
As a public utility, NiSource is required to provide continuous service to customers at all times. To ensure we fulfill that obligation, employees may be required to work outside their normal work hours and perform tasks outside of their normal responsibilities in support of emergency operations.
Work Authorization
Authorized to work in the United States without requiring sponsorship.
Workplace Connection
Value inclusion within your day-to-day responsibilities by respecting others' perspectives/convictions, engaging others' opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.
Respect the unique lived experiences within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.
Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.

Promote a safe work environment by actively participating in all aspects of our employee safety program. Report any unsafe conditions and take actions to prevent personal injuries. Support our interdependent safety culture by ensuring the safety of your co-workers. Stay focused on the task at hand and promote productivity through good work habits.
Requirements
- Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field is preferred. However, equivalent professional experience, military service, relevant certifications, substantial industry tenure, or technical training may be considered as a substitute for formal education.
- 5+ years of experience in designing and implementing robust security solutions.
- Experience with secure coding practices and Application Security.
- Proficiency in Cybersecurity principles, IT infrastructure, and Application Security. (High)
- Understanding of Network Security protocols, Cryptography, and secure network architectures. (High)
- Familiarity with Cloud Security, including IaaS, PaaS, and SaaS models. (High)
- Knowledge of Cybersecurity frameworks such as NIST CSF. (Medium)
- Expertise in Penetration Testing and Ethical Hacking. (Low)
- In-depth knowledge of developing secure network architectures and defense strategies. (High)
- Expertise in secure software development lifecycle practices. (Medium)
- Demonstrated leadership and team mentoring abilities. (Medium)
Preferred Additional Qualifications for Position
- Advanced degrees or professional certifications such as CISSP, CISM, CEH, or equivalent.
- Contributions to Cybersecurity research or thought leadership in industry forums.
- Experience with AI and ML technologies in Cybersecurity.

NiSource participates in the U.S. Department of Homeland Security's E-Verify program. As part of this process, we provide the following notices to all job applicants. These documents inform you of your rights and responsibilities under U.S. law. You can view or download them using the links below:
- E-Verify Poster (English and Spanish): E-Verify Participation Poster
- Right to Work Poster (English and Spanish): If you have the right to work, don't let anyone take it away
Salary Range*: $113,500.00 - $170,300.00
*The salary offered to a candidate is based on several factors including but not limited to the candidate's skills, job-related knowledge, and relevant experience, as well as internal pay equity.