Insider Risk – Rule Management Engineer (f/m/x)

DB Global Technology is Deutsche Bank’s technology centre in Central and Eastern Europe. Since its set-up in 2013, Bucharest Technology Centre (BEX) has constantly proven its capacity to deliver global technology products and services, playing a dynamic role in the Bank’s technology transformation.

We have a robust, hands-on engineering culture dedicated to continuous learning, knowledge-sharing, technical skill development and networking. We are an essential part of the Bank’s technology platform and develop applications for many important business areas.

This role is critical for shaping the organization’s insider risk posture. A Rule Management Specialist ensures that the DB’s platform is tuned to accurately detect risky behaviors, provide actionable intelligence, and support the Insider Risk Management (IRM) strategy while minimizing noise and false positives.

This role is ideal for an experienced insider risk specialist who combines technical depth, analytical thinking, and strong collaboration skills.

Key Responsibilities:

• Rule Development & Management:
  • Translate organizational insider risk policies, use cases, and threat scenarios into actionable rules.
  • Create, configure, and maintain behavioural indicators, risk models, and detection rules.
  • Implement and refine risk scoring profiles to categorize user behaviours (e.g., negligent, malicious, compromised).
  • Manage baseline configurations to reduce false positives while ensuring meaningful detection.
  • Maintain documentation for all rules, logic workflows, and rule change histories.
• Design and model insider threat scenarios, such as:
  • Data exfiltration attempts
  • Privilege misuse
  • Shadow IT behaviours
  • Anomalous data handling or print spikes
  • Obfuscation or evasion behaviours
• Monitoring, Analysis, and Optimization:
  • Perform impact assessments before deploying new rules into production environments.
  • Continuously monitor rule performance, alert accuracy, and telemetry patterns
  • Tune rule thresholds and behavioural indicators to improve detection fidelity and reduce fatigue.
  • Conduct periodic audits to ensure rule sets remain aligned with current business processes and emerging insider risk trends.
• Cross‑Functional Collaboration:
  • Work with other Insider Risk Management teams and Security Operations to test and validate new use cases end‑to‑end.
  • Partner with Security Operations to ensure alerts seamlessly integrate into SIEM/SOAR workflows.
  • Provide subject‑matter expertise during risk reviews, audits, and tabletop exercises.

Qualifications:

• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Data Analytics, or a related field.
• Experience:
  • 3–7 years of experience in Cybersecurity, Insider Threat, IRM, or SOC operations, or related fields.
  • Hands‑on experience with Insider Risk platforms (tools like Microsoft Purview, DTEX, Proofpoint, Code42).

Skills:

• Proficiency in scripting languages (e.g., Python) or query languages (e.g., SQL or SPL or KQL) for data manipulation and analysis and reporting.
• Strong understanding of behavioral analytics, telemetry, user activity monitoring, and data classification.
• Familiarity with Data Loss Prevention, User and Entity Behavior Analytics, and endpoint security technologies.
• Understanding of common attack vectors, threat actor methodologies, and data exfiltration techniques.
• Strong written and verbal communication skills, especially for documenting rules and communicating with non‑technical stakeholders.

Relevant certifications: CISSP, CISM, GCIH, CCSP, or similar are a plus

Well-being & Benefits

Emotionally and mentally balanced: We support you in dealing with life crises, maintaining stability through illness, and maintaining good mental health.

• Empowering managers who value your ideas and decisions. Show your positive attitude, determination, and open-mindedness.
• A professional, passionate, and fun workplace.
• A modern office with fun and relaxing areas to boost creativity.
• Continuous learning culture with coaching and support from team experts.
• A culture where you can openly speak about mental health.

Physically thriving: We support you in managing your physical health by taking appropriate preventive measures and providing a workplace that helps you thrive. For example, Private healthcare and life insurance with premium benefits for you and discounts for your loved ones, healthier ways of working and check-ups.

Socially connected: We strongly believe in collaboration, inclusion and feeling connected to open up new perspectives and strengthen our self-confidence and well-being.

• 24 days holiday, loyalty days, and bank holidays (including weekdays for weekend bank holidays).
• Hybrid working model with 40% remote work.
• Options for flexible working hours.
• Enjoy retailer discounts, cultural and CSR activities, workshops, and more.

Financially secure: We support you in meeting personal financial goals during your active career and for the future.

• Competitive income, performance-based promotions, and a sense of purpose.
• Meal vouchers, bonuses for referrals

Interested in more: discover what our employees value in the Well-being & Benefits hub!

We strive for a Culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank.

We welcome applications from all people and promote a positive, fair and inclusive work environment.

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.