**Position Overview:** Located in Raleigh, NC, Ralliant is seeking an experienced and detail-oriented **Insider Risk & Forensic Engineer** to lead high-stakes investigations and digital forensics efforts across our enterprise. This role supports insider threat management, legal casework, and broader cybersecurity incident response, with a strong emphasis on **chain of custody, DLP tooling, forensic analysis** , and interdepartmental collaboration. The ideal candidate brings a balance of technical depth, investigative acumen, and the professionalism to interface with legal, HR, and external partners including law enforcement and cybersecurity vendors. **Key Responsibilities:** + Conduct insider risk investigations related to data loss, misconduct, and policy violations using forensically sound techniques. + Serve as a key contributor to enterprise cybersecurity incident response, providing forensic support for endpoint, identity, and cloud-based investigations. + Lead evidence preservation and investigative workflows with strict adherence to chain of custody and legal hold requirements. + Operate and enhance DLP technologies including Microsoft Purview and Zscaler DLP; support alert triage, policy tuning, and response coordination. + Collaborate with third-party partners (e.g., CrowdStrike, Mandiant) during complex cyber investigations, IR escalation, and post-incident reviews. + Prepare and deliver comprehensive, legally-defensible investigation reports for internal stakeholders, legal teams, and external counsel. + Interface with law enforcement and regulatory bodies as needed for case support or evidence transfer. + Support and maintain eDiscovery platforms, ensuring readiness and responsiveness to litigation or regulatory requests. + Develop and continuously improve investigative playbooks, insider risk detection rules, and training content for response teams **Qualifications:** + Bachelor’s degree in Cybersecurity, Digital Forensics, Criminal Justice, or related field. + 6+ years of experience in digital forensics, insider threat investigations, incident response, or cybersecurity compliance. + Proven hands-on expertise with Microsoft Purview Compliance Suite, Zscaler DLP, and forensic analysis tools (e.g., CrowdStrike, EnCase, FTK, X-Ways, ObserveIT, Magnet Forensics). + Experience supporting cybersecurity incidents, especially in cross-functional or multi-vendor response contexts. + Familiarity with SIEM, endpoint telemetry, and log analysis related to investigative workflows. + Strong skills in evidence handling, eDiscovery, documentation, and formal report writing. + Experience collaborating with legal, HR, and compliance teams on sensitive investigations. + Working knowledge of regulatory frameworks (SOX, GDPR, NIST 800-171, ITAR). **Preferred Qualifications:** + Experience working with or alongside third-party cybersecurity vendors such as CrowdStrike, Mandiant, or other IR consulting partners. + Prior experience in law enforcement or federal investigations is strongly preferred. + Relevant certifications: GCFA, GCIH, CFCE, EnCE, CISSP, or equivalent. + Eligibility to access export-controlled data. \#LI-RG1 \#LI-Hybrid **Ralliant Corporation Overview** Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we’re building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world. **Bonus or Equity** This position is also eligible for bonus and equity as part of the total compensation package. **Pay Range** The salary range for this position (in local currency) is 101,500.00 - 188,500.00