Lead Engineer - Insider Risk

The pay range is $132,000.00 - $238,000.00

Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits.

JOIN TARGET AS A LEAD ENGINEER – INSIDER RISK

About us:

Working at Target means helping all families discover the joy of everyday life. We bring that vision to life through our values and culture. Learn more about Target here.

As a Lead Engineer – Insider Risk, you will be pivotal in the protection of Target’s data, systems, and intellectual property by ensuring employees do not conduct malicious activities. 

In this role, you will play a critical part in safeguarding enterprise data, protecting customer trust in Target, and strengthening the organization’s overall security posture against insider threats by improving detection visibility and fidelity within our UEBA, alerting functionality, and responding and mitigating all identified threats. 

As a Lead Engineer you will:

• Help lead the design, implementation and continuous improvement of the Insider Threat and DLP programs.
• Define metrics through which we can ensure our coverage is comprehensive, effective, and efficient in an ever-changing threat landscape.
• Cross train with other teams within the Cyber Fusion Center such as Cyber Threat Intelligence, Incident Response, Security Architecture, and Enterprise Incident Management.
• Assist in implementation of net new DLP capabilities and ITP UEBA engine.
• Become proficient in workflow automation within our SOAR platform and automate previously manual processes.

Responsibilities:

• Monitor, investigate and maintain DLP technologies across endpoints, network sensors, cloud platforms, and email systems.
• Conduct root cause analysis, recommend remediation actions, and institute blocking procedures as needed to prevent similar risk moving forward.
• Integrate DLP tools with SIEM, UEBA, CASB, and endpoint detection platforms.
• Conduct continuous improvement of custom rules based on tradecraft knowledge, anomaly detection hunts, threat intelligence, and previous cases.
• Work closely with Employee Relations, Human Resources, Security Architecture, and policy teams to improve Target’s overall security posture and move from detection to prevention.

Core responsibilities of this job are described within this job description. Job duties may change at any time due to business needs.

About you:

• 4 year degree or equivalent experience
• 7+ years in cybersecurity with a focus in Incident Response, DLP, and Insider Threat
• Extensive experience with DLP tools (e.g. ZScaler, ForcePoint, Symantec)
• Deep understanding of Insider Threat methodologies and behavioral analytics to differentiate between uncommon and malicious activity
• Demonstrated programming experience in Python, PowerShell or equivalent
• Experience with maintaining SIEM, UEBA, EDR, and cloud security platforms
• Demonstrated ability to build strong cross-functional partnerships and influence enterprise security strategy
• Experience working closely with cyber threat intelligence, incident response, or detection engineering teams
• Strong problem-solving skills with the ability to navigate complex, ambiguous security challenges
• Excellent communication skills, with the ability to present complex concepts clearly to technical and executive audiences
• Commitment to operational excellence, safety, and continuous improvement
• Self-directed learner who stays current with evolving cybersecurity threats, technologies and best practices

This position will operate as a Hybrid/Flex for Your Day work arrangement based on Target’s needs. A Hybrid/Flex for Your Day work arrangement means the team member’s core role will need to be performed both onsite at the Target HQ MN location the role is assigned to and virtually, depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target. Click here if you are curious to learn more about Minnesota.

Benefits Eligibility

Please paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_E

Americans with Disabilities Act (ADA)

In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to candidate.accommodations@HRHelp.Target.com. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.  

Application deadline is : 05/14/2026