Dept of Homeland Security
Springfield, VA (On-Site/Office)
ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.
ASRC Federal is seeking an experienced Insider Threat Analyst/Hunt Team member to support an Insider Threat Program (ITP) with the Department of Homeland Security. Insider Threat programs proactively identify, prevent and mitigate internal security risks. This exciting cybersecurity opportunity will allow you to put your skills and experience with analysis and leadership to identify insider threats to further the mission of the Insider Threat Program.
Work arrangement: Onsite (Mon - Fri at customer location)
Clearance: Active Top Secret; SCI eligible. A DHS Polygraph will be administered.
Responsibilities:
The selected candidate will be responsible for the following:
- Examine, analyze, and search insider threat data to identify trends, patterns, and insights of potential insider threat indicators.
- Provide analytical, program support services related to the operation of the UAM/UEBA tool.
- Monitor the UAM platform to identify emerging requirements related to insider threat events and coordinate across the enterprise to ensure timely response.
- Conduct further research on the UAM platform to identify patterns of concerning behavior related to a potential insider threat risk to the DHS enterprise.
- Provide proactive insider threat-based hunting across the DHS enterprise network, leveraging methodologies and behavioral analytics to detect, investigate, and mitigate anomalous activity and policy violations indicative of malicious insider behavior.
- Conduct continuous hunt operations across data and log sources, DHS platforms, EDR tools, and network traffic to identify patterns of insider threat behavior.
- Identify mitigation strategies to assist the investigative team in effectively reducing insider threat risk.
- Utilize UEBA (User and Entity Behavior Analytics) platforms and techniques to baseline user activity and detect deviations.
- Provide timely response to critical/high UAM alerts (within 4 hours during normal business hours and provide after-hour support). Normal business hours will be defined as 6am to 10pm Monday - Friday excluding weekends and scheduled holidays.
- Implement corrective actions to restore normal operations and prevent recurrence.

This position is expected to eventually move to shift work to meet the requirement of 24x7 operations at an undetermined later date.
Requirements:
- Top Secret Clearance with ability to obtain DHS EOD SCI
- Demonstrated proficiency in a vast array of User Activity Monitoring products and platforms.
- Excellent customer service, analytical, problem solving, and interpersonal skills.
- Ability to work independently and function as an integral part of the team.
- Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security processes.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
Education/Experience:
- Bachelor's degree and 6+ years of prior relevant insider threat experience, or Master's with 4+ years of prior relevant experience. Additional years of experience with requisite certifications will be considered in lieu of degree.
- Minimum of 4 years demonstrated knowledge of the intelligence cycle, processes, and organizations.
- Minimum 4 years demonstrated knowledge of various research tools and procedures and methods of analyzing, compiling, reporting and disseminating intelligence data and information.
- Minimum of 4 years demonstrated knowledge of research and analytical techniques as applied to difficult and complex assignments in security, law enforcement, and counterintelligence analysis.
- Minimum of 4 years demonstrated knowledge of Threat Assessment & Mitigation Strategies.
- Possess a strong analytical background.
- Have excellent written and verbal skills with the ability to deliver briefings to diverse audiences.
- Possess the ability to plan, coordinate, research and analyze all-source intelligence information for accuracy, timeliness, and relevance to mission.
- Possess knowledge of current domestic and international threats to U.S. national security interests.
- Be adept at establishing networks with relevant security, personnel, and prevention stakeholders to foster program utilization.
- Be a self-starter capable of working independently to promote program goals.
- Advanced knowledge of User Activity Monitoring Software (UAM) and solutions.
- Advanced knowledge of cybersecurity toolsets designed to support ITP mission activities.
- Advanced knowledge of open-source toolsets.
- Working knowledge of insider threat frameworks: Pathway to Violence and Critical Pathway.
Desired Skills and Qualifications:
- Master's degree from an accredited college or university in Information Technology, computer science, engineering, or related field
- Experience with EverFox High Speed Guard Platform
- Proven experience (10+ years) in Intelligence Analysis
- Experience with User Activity Monitoring products and platforms
- Proven experience (4+ years) in Threat Assessment & Mitigation
- Certified Counter-Insider Threat Professional - Fundamentals (CCITP-F)
- Certified Counter-Insider Threat Professional - Analysis (CCITP-A)
- Completion of Center for Development of Security Excellence (CDSE) Insider Threat Detection Analysis Course (ITDAC)
- Completion of Workplace Assessment of Violence Risk (WAVR-21) Workshop
- Completion of Center for Development of Security Excellence (CDSE) curricula: INT311.CU/INT312.CU/CI201.CU
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.