The Insider Threat Analyst position conducts threat analysis, provides assessments of threats and vulnerabilities, produces investigative leads, uncovers policy violations, assesses the risk posed by trusted insiders, and oversees the data collection effort on the customer’s networks using UAM tools.
- Identify potential risk factors and indicators and warnings of at-risk insiders.
- Detect evidence of employee misconduct, policy violations, and potential information theft, sabotage and/or fraud.
- Perform research to provide context for potentially concerning events.
- Collect and track metrics and trends.
- Uncover anomalies and discern obscure patterns and attributes.
- Provide recommendations for new collection policies and for improvement of existing policies.
- Synthesize information from audit collection, data mining operations and additional sources to compile results into investigative reports or analytical products as required.
- Prepare and present analysis with findings and recommendations, in the form of briefings and/or reports, to government leads and managers as required.
- Prepare monthly reports for the customer regarding mission metrics, contractor activities and accomplishments, and relevant administrative items.
- U.S. Citizenship.
- Ability to maintain a TS/SCI clearance.
- Minimum of three (3) years’ experience in any of the following fields:
  - Law enforcement/investigations
  - Personnel security investigations/adjudications
  - Computer network defense, information assurance, incident response, or cybersecurity
- Bachelor’s Degree in a discipline related to the above fields, or the equivalent combination of education, professional training, or work experience.
- Must be trained and proficient in user activity monitoring (UAM) and auditing tools.
- Must be familiar with the 13 national security adjudicative guidelines and standards.
- Ability to demonstrate strong knowledge of insider threat concepts.
- Demonstrated ability to document investigative and analytic activities.
- Intelligence analyst/community experience.
- Knowledge of US Government security and Insider Threat program standards as well as protocols and procedures associated with incident response and forensic investigations.
- Should have an understanding of the intelligence cycle and architecture, to include planning, collection, research, analysis, and production.
- Should be familiar with Foreign Intelligence Entity (FIE) and non-state entity use of technology to target, collect, and exploit DoD information and information systems, personnel, and operations.
- People skills and the ability to communicate effectively with various clients, including explaining and elaborating on technical details.
- Excellent written and verbal communication skills.
- Excellent problem-solving skills.
- Knowledge of Microsoft and Linux administration (including command line) preferred.