Job Requirements
Lanham, MD
Clearance Unspecified Polygraph not specified
Senior Level Career (10+ yrs experience)
$135,000 - $160,000
Job Description
Position Title: Lead Cyber Fraud Analytics Analyst
Company: Strategic Technology Institute, Inc. (STi)
Location: Lanham, MD / New Carrollton Federal Building — Primarily on-site client support
Anticipated Start Date: 01 October 2026
Security / Screening Requirement: Ability to complete U.S. Federal Government background investigation, fingerprinting, and IRS staff-like access requirements
Contract: IRS Cybersecurity Fraud Analytics and Monitoring (CFAM) Support Services
Key Personnel / Labor Category: Lead
EMPLOYMENT NOTE
• Full-time position contingent upon contract award and customer approval. STi is actively identifying highly qualified candidates for proposal submission and rapid post-award onboarding.
• Period of Performance: 01 October 2026 – 30 September 2031
• Primary work location is on-site at the New Carrollton Federal Building, 5000 Ellin Road, Lanham, MD 20706.
• Standard business hours are generally 8:30 AM–5:00 PM ET, Monday–Friday, unless otherwise approved by the Government.
• No travel is currently anticipated for this role.
ABOUT STi
Strategic Technology Institute, Inc. (STi) supports national security missions across Engineering • MRO • Logistics • IT & Cybersecurity • Program Control. STi is a minority-owned Small Disadvantaged Business (SDB) focused on delivering flexible, mission-driven solutions that help Federal customers solve complex operational challenges.
POSITION OVERVIEW
STi is seeking a Lead Cyber Fraud Analytics Analyst to support the IRS Cybersecurity Fraud Analytics and Monitoring (CFAM) program. This role will provide hands-on technical and operational support for predictive analytics, forensic analysis, log/SIEM analysis, data ingestion, fraud indicator development, incident coordination, threat research, and analytics support for IRS online applications and digital identity-related services.
The ideal candidate has practical experience working across cybersecurity analytics, fraud analytics, operational data analysis, incident support, ETL/data engineering, SIEM/log review, and stakeholder-facing technical support. This role is especially suited for a lead analyst who can work independently, evaluate diverse technical problems, present practical solutions, and support both routine operations and urgent suspicious-activity investigations.
This position maps to the Lead key personnel labor category and requires the ability to solve difficult problems in imaginative and practical ways, work independently on routine assignments, and provide strategic, tactical, and operational-level planning support based on client requirements.
PRIMARY DUTIES AND RESPONSIBILITIES
Responsibilities include:
• Support predictive analytics and deep forensic analysis of data associated with IRS online applications, SADI, credential service providers, and related application-layer fraud detection activities.
• Analyze real-time event data, application logs, transaction data, identity-related data, and user behavior patterns to identify anomalous, malicious, or potentially fraudulent activity.
• Assist in development, tuning, documentation, and testing of fraud indicators, analytical algorithms, machine learning models, and detection logic.
• Support log analysis, parsing, data transformation, data quality review, and analytical data set development for new and existing data sources.
• Develop or support ETL processes, utilities, ingestion models, data dictionaries, and repeatable analytical workflows.
• Use analytical methods such as classification, clustering, anomaly detection, regression, time-series analysis, link/network analysis, text mining, and statistical validation to support fraud detection use cases.
• Provide forensic and incident management support in response to anomalous, malicious, or fraudulent activity.
• Support timely incident response activities, including identifying the nature of threats, assisting with root-cause analysis, notifying required parties, documenting findings, and recommending mitigation actions.
• Support integration and testing of analytics changes needed for new IRS applications, new credential service providers, or changes to existing data sources.
• Perform open-source research and integrate threat intelligence as needed to support emerging fraud pattern analysis.
• Coordinate with application owners, developers, CSP stakeholders, cybersecurity personnel, business representatives, and technical SMEs to understand user flows, business logic, data structures, and logging needs.
• Contribute to monthly CFAM findings, prevention recommendations, detection reports, forensic analysis reports, technical briefings, white papers, and leadership presentations.
• Provide advisory support related to platform administration, data source management, schema, normalization, dashboards, and analytical reporting.
• Work independently on routine analytical tasks and receive general direction on new or complex assignments.
MINIMUM QUALIFICATIONS
• Bachelor’s degree in cybersecurity, data analytics, computer science, information systems, statistics, engineering, operations research, applied mathematics, or a related field; equivalent demonstrated experience may be considered. Master’s degree preferred.
• 5–7+ years of relevant experience in cybersecurity analytics, fraud analytics, data analytics, cyber incident coordination, digital identity, application-layer monitoring, ETL/data engineering, SIEM/log analysis, OSINT/threat intelligence, or operational analytics.
• Working knowledge of related technical disciplines used to assess cybersecurity, fraud detection, data quality, incident response, or analytics problems.
• Experience solving difficult technical or analytical problems using practical, structured, and client-focused approaches.
• Experience analyzing structured and unstructured data, large transaction data sets, application logs, or user-generated activity data to identify patterns, anomalies, correlations, and potential risks.
• Experience supporting ETL, data ingestion, data transformation, data quality review, or analytical data set development.
• Familiarity with analytical tools and technologies such as Python, R, Java, Linux shell scripting, SQL/noSQL databases, Spark, Elasticsearch, Parquet or equivalent formats, Splunk/SIEM, and visualization or dashboard tools.
• Experience supporting cyber fraud, digital identity, authentication/authorization user flows, application-layer fraud detection, transaction monitoring, incident forensics, or risk analytics.
• Ability to prepare clear technical documentation, findings summaries, recommendations, and briefing inputs for technical and non-technical audiences.
• Ability to work primarily on-site in Lanham, MD and support time-sensitive analysis, suspicious activity review, or incident-related coordination when required.
• Ability to successfully complete U.S. Federal Government background investigation, fingerprinting, and IRS staff-like access requirements.
PREFERRED QUALIFICATIONS
• Prior IRS, Treasury, Federal cybersecurity, financial services, intelligence community, law enforcement, digital identity, SADI, credential service provider, or high-volume digital fraud experience.
• Experience with machine learning or statistical methods such as Random Forests, Decision Trees, Principal Components Analysis, neural networks, k-NN, k-Means, Bayesian networks, Mahalanobis distance, logistic regression, or multiple linear regression.
• Experience supporting Watch Operations, SOC, cyber incident coordination, threat intelligence, application security monitoring, or enterprise IT event management.
• Certifications such as Security+, CISSP, CISM, CRISC, Splunk, cloud, data analytics, machine learning, GIAC, or digital forensics credentials.
• Experience with FISMA, NIST security controls, NIST digital identity concepts, secure data handling, PII, FTI, SBU, RMF/ATO support, vulnerability management, or secure SDLC practices.
• Experience creating fraud indicators, dashboards, trend reports, detection reports, prevention recommendations, or forensic analysis reports.
WORK ENVIRONMENT
• Primary place of performance is the New Carrollton Federal Building in Lanham, MD.
• Work supports a high-visibility IRS cybersecurity fraud analytics mission environment.
• The role requires collaboration with analytics staff, cybersecurity teams, Government stakeholders, application owners, CSP stakeholders, data engineers, and business representatives.
• Work is primarily performed on-site during standard business hours, with potential need to support urgent analysis, suspicious activity review, or incident coordination when required.
• No travel is currently anticipated.
Keywords: lead fraud analyst, cyber fraud analytics, cybersecurity analyst, forensic analytics, predictive analytics, anomaly detection, incident coordination, SIEM, Splunk, Python, R, Java, SQL, noSQL, ETL, data ingestion, Spark, Elasticsearch, Parquet, digital identity, SADI, CSP, authentication, IRS, Treasury, application-layer fraud, threat intelligence, OSINT, machine learning, data analytics
EEO: STi is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, disability, genetic information, protected veteran status, or any other protected status.
Company: Strategic Technology Institute, Inc. (STi)
Location: Lanham, MD / New Carrollton Federal Building — Primarily on-site client support
Anticipated Start Date: 01 October 2026
Security / Screening Requirement: Ability to complete U.S. Federal Government background investigation, fingerprinting, and IRS staff-like access requirements
Contract: IRS Cybersecurity Fraud Analytics and Monitoring (CFAM) Support Services
Key Personnel / Labor Category: Lead
EMPLOYMENT NOTE
• Full-time position contingent upon contract award and customer approval. STi is actively identifying highly qualified candidates for proposal submission and rapid post-award onboarding.
• Period of Performance: 01 October 2026 – 30 September 2031
• Primary work location is on-site at the New Carrollton Federal Building, 5000 Ellin Road, Lanham, MD 20706.
• Standard business hours are generally 8:30 AM–5:00 PM ET, Monday–Friday, unless otherwise approved by the Government.
• No travel is currently anticipated for this role.
ABOUT STi
Strategic Technology Institute, Inc. (STi) supports national security missions across Engineering • MRO • Logistics • IT & Cybersecurity • Program Control. STi is a minority-owned Small Disadvantaged Business (SDB) focused on delivering flexible, mission-driven solutions that help Federal customers solve complex operational challenges.
POSITION OVERVIEW
STi is seeking a Lead Cyber Fraud Analytics Analyst to support the IRS Cybersecurity Fraud Analytics and Monitoring (CFAM) program. This role will provide hands-on technical and operational support for predictive analytics, forensic analysis, log/SIEM analysis, data ingestion, fraud indicator development, incident coordination, threat research, and analytics support for IRS online applications and digital identity-related services.
The ideal candidate has practical experience working across cybersecurity analytics, fraud analytics, operational data analysis, incident support, ETL/data engineering, SIEM/log review, and stakeholder-facing technical support. This role is especially suited for a lead analyst who can work independently, evaluate diverse technical problems, present practical solutions, and support both routine operations and urgent suspicious-activity investigations.
This position maps to the Lead key personnel labor category and requires the ability to solve difficult problems in imaginative and practical ways, work independently on routine assignments, and provide strategic, tactical, and operational-level planning support based on client requirements.
PRIMARY DUTIES AND RESPONSIBILITIES
Responsibilities include:
• Support predictive analytics and deep forensic analysis of data associated with IRS online applications, SADI, credential service providers, and related application-layer fraud detection activities.
• Analyze real-time event data, application logs, transaction data, identity-related data, and user behavior patterns to identify anomalous, malicious, or potentially fraudulent activity.
• Assist in development, tuning, documentation, and testing of fraud indicators, analytical algorithms, machine learning models, and detection logic.
• Support log analysis, parsing, data transformation, data quality review, and analytical data set development for new and existing data sources.
• Develop or support ETL processes, utilities, ingestion models, data dictionaries, and repeatable analytical workflows.
• Use analytical methods such as classification, clustering, anomaly detection, regression, time-series analysis, link/network analysis, text mining, and statistical validation to support fraud detection use cases.
• Provide forensic and incident management support in response to anomalous, malicious, or fraudulent activity.
• Support timely incident response activities, including identifying the nature of threats, assisting with root-cause analysis, notifying required parties, documenting findings, and recommending mitigation actions.
• Support integration and testing of analytics changes needed for new IRS applications, new credential service providers, or changes to existing data sources.
• Perform open-source research and integrate threat intelligence as needed to support emerging fraud pattern analysis.
• Coordinate with application owners, developers, CSP stakeholders, cybersecurity personnel, business representatives, and technical SMEs to understand user flows, business logic, data structures, and logging needs.
• Contribute to monthly CFAM findings, prevention recommendations, detection reports, forensic analysis reports, technical briefings, white papers, and leadership presentations.
• Provide advisory support related to platform administration, data source management, schema, normalization, dashboards, and analytical reporting.
• Work independently on routine analytical tasks and receive general direction on new or complex assignments.
MINIMUM QUALIFICATIONS
• Bachelor’s degree in cybersecurity, data analytics, computer science, information systems, statistics, engineering, operations research, applied mathematics, or a related field; equivalent demonstrated experience may be considered. Master’s degree preferred.
• 5–7+ years of relevant experience in cybersecurity analytics, fraud analytics, data analytics, cyber incident coordination, digital identity, application-layer monitoring, ETL/data engineering, SIEM/log analysis, OSINT/threat intelligence, or operational analytics.
• Working knowledge of related technical disciplines used to assess cybersecurity, fraud detection, data quality, incident response, or analytics problems.
• Experience solving difficult technical or analytical problems using practical, structured, and client-focused approaches.
• Experience analyzing structured and unstructured data, large transaction data sets, application logs, or user-generated activity data to identify patterns, anomalies, correlations, and potential risks.
• Experience supporting ETL, data ingestion, data transformation, data quality review, or analytical data set development.
• Familiarity with analytical tools and technologies such as Python, R, Java, Linux shell scripting, SQL/noSQL databases, Spark, Elasticsearch, Parquet or equivalent formats, Splunk/SIEM, and visualization or dashboard tools.
• Experience supporting cyber fraud, digital identity, authentication/authorization user flows, application-layer fraud detection, transaction monitoring, incident forensics, or risk analytics.
• Ability to prepare clear technical documentation, findings summaries, recommendations, and briefing inputs for technical and non-technical audiences.
• Ability to work primarily on-site in Lanham, MD and support time-sensitive analysis, suspicious activity review, or incident-related coordination when required.
• Ability to successfully complete U.S. Federal Government background investigation, fingerprinting, and IRS staff-like access requirements.
PREFERRED QUALIFICATIONS
• Prior IRS, Treasury, Federal cybersecurity, financial services, intelligence community, law enforcement, digital identity, SADI, credential service provider, or high-volume digital fraud experience.
• Experience with machine learning or statistical methods such as Random Forests, Decision Trees, Principal Components Analysis, neural networks, k-NN, k-Means, Bayesian networks, Mahalanobis distance, logistic regression, or multiple linear regression.
• Experience supporting Watch Operations, SOC, cyber incident coordination, threat intelligence, application security monitoring, or enterprise IT event management.
• Certifications such as Security+, CISSP, CISM, CRISC, Splunk, cloud, data analytics, machine learning, GIAC, or digital forensics credentials.
• Experience with FISMA, NIST security controls, NIST digital identity concepts, secure data handling, PII, FTI, SBU, RMF/ATO support, vulnerability management, or secure SDLC practices.
• Experience creating fraud indicators, dashboards, trend reports, detection reports, prevention recommendations, or forensic analysis reports.
WORK ENVIRONMENT
• Primary place of performance is the New Carrollton Federal Building in Lanham, MD.
• Work supports a high-visibility IRS cybersecurity fraud analytics mission environment.
• The role requires collaboration with analytics staff, cybersecurity teams, Government stakeholders, application owners, CSP stakeholders, data engineers, and business representatives.
• Work is primarily performed on-site during standard business hours, with potential need to support urgent analysis, suspicious activity review, or incident coordination when required.
• No travel is currently anticipated.
Keywords: lead fraud analyst, cyber fraud analytics, cybersecurity analyst, forensic analytics, predictive analytics, anomaly detection, incident coordination, SIEM, Splunk, Python, R, Java, SQL, noSQL, ETL, data ingestion, Spark, Elasticsearch, Parquet, digital identity, SADI, CSP, authentication, IRS, Treasury, application-layer fraud, threat intelligence, OSINT, machine learning, data analytics
EEO: STi is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, disability, genetic information, protected veteran status, or any other protected status.
group id: 10115903