Top Secret/SCI
lorton, DC (On-Site/Office)
OVERVIEW:
The Senior Information Security Analyst (Insider Threat Analyst) is a critical member of the Insider Threat Operations Center (ITOC), responsible for advanced analysis, detection, hunting, and investigative support related to insider threats. This role requires deep analytical expertise, technical proficiency with User Activity Monitoring (UAM), User Behavior Analytics (UBA), Single Pane of Glass (SPOG) solutions, and a comprehensive understanding of the evolving insider threat landscape.
GENERAL DUTIES:
1. Insider Threat Operations and Analysis
- Review, analyze, and search insider threat data to identify trends, patterns, and indicators of potential insider threats.
- Produce actionable analytics to help identify individuals at risk of harm to themselves or the department, assess compromise vectors, and document behavioral indicators.
- Develop and refine processes to identify compromised users, assess threats and impacts, and provide recommendations to contain and eradicate advanced insider threats.
- Support the creation of complex correlation rules and triggers in the enterprise UAM solution.
- Respond to critical or high-priority UAM alerts within four hours during normal business hours.
- Provide surge support, including event monitoring, complex analysis, and training, during periods of increased threat activity.
2. Hunt Team Operations
- Perform proactive insider threat hunting across enterprise networks, reviewing and refining potential risk indicators to enhance detection and analysis capabilities.
- Rotate among internal analytic teams, as needed, to maintain proficiency and continuously advance expertise.
- Develop, document, and update standard operating procedures (SOPs) and best practices for hunt operations.
3. Inquiries & Investigations Support
- Conduct thorough and objective inquiries and investigations into potential insider threat or misconduct indicators.
- Correlate data across a wide range of data sets, systems, and tools to identify patterns of activity.
- Generate detailed inquiry and investigation reports, clearly articulating concerns and findings.
- Recommend, coordinate, and facilitate mitigation strategies with partner law enforcement, security, counterintelligence, human capital, and cybersecurity teams.
- Rotate among analytic teams and contribute to the ongoing development of SOPs and best practices.
REQUIRED QUALIFICATIONS:
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field.
- 6+ years of experience in information security analysis, with at least 3 years focused on insider threat analysis, research, or hunt operations.
- Demonstrated experience with insider threat data analysis and research.
- Expertise utilizing UAM, UBA, and SPOG capabilities in large, complex environments.
- In-depth knowledge of the current insider threat landscape, including adversary tactics, techniques, and procedures (TTPs).
- Proven ability to investigate, identify, contain, and recover from insider threat incidents.
- Strong analytical, problem-solving, and technical writing skills.
- Excellent communication and teamwork abilities.
DESIRED QUALIFICATIONS:
- Experience supporting federal agency insider threat and cybersecurity programs.
- Familiarity with advanced analytics, threat hunting methodologies, and investigative tools.
- Relevant certifications (e.g., CISSP, GIAC, CISA, CEH, Insider Threat Program Manager).
- Experience providing surge support and rapid response during high-alert periods.
CLEARANCE:
- TS/SCI minimum