Insider Threat Systems Engineer
Lorton, VA, USA, 22060
Full Time Senior-level / Expert Clearance required USD 131K - 244K * est.
Pueo Business Solutions
Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.
Our organization emphasizes career development across multiple career environments (at the member's own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments in which every member of the Parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and in those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of five or fewer) consist of personnel with similar skill sets to ensure mentorship, understanding, and peer support.
OVERVIEW:
The Senior Computer Systems Engineer/Architect will be responsible for the design, integration, implementation, and ongoing support of advanced insider threat detection systems and supporting technologies within the agency's Insider Threat Operations Center (ITOC). This position requires advanced technical expertise, strong documentation and training skills, and the ability to support and enhance a complex, highly secure enterprise environment.
GENERAL DUTIES:
1. System Design and Architecture
- Develop a comprehensive system architecture plan, detailing the design, components, interfaces, and data flows for an enhanced insider threat detection system.
- Ensure architectural compatibility with existing applications and enable future scalability to support evolving requirements.
2. Integration Planning and Implementation
- Create a detailed integration plan specifying steps, resources, and timelines to implement enhanced insider threat capabilities, with full execution within 180 days.
- Minimize operational disruptions during integration and coordinate across multiple stakeholders and technical teams.
3. Documentation and Technical Manuals
- Develop and maintain comprehensive and up-to-date documentation, including system design documents, integration procedures, and technical manuals.
- Ensure documentation is easily accessible and tailored to relevant stakeholders.
4. Training and Support
- Deliver a minimum of two annual in-house training sessions for UAM/UBA systems to analyst staff and new personnel, providing certification upon completion.
- Offer ongoing technical support during and after integration, ensuring personnel are proficient in system operation, maintenance, and troubleshooting.
5. Engineering and Security Support
- Provide support for security engineering, integration, and deployment of security technologies for both insider and external threats.
- Resolve UAM component issues within 48 hours; acknowledge government requests within 1 hour during business hours.
- Enhance and deploy IT systems for the ITOC, identifying and recommending improvements to quality, cost efficiency, and utility.
- Implement new or replacement security service solutions and extend system capabilities for new data sources.
6. Threat Intelligence and Data Integration
- Integrate automated threat intelligence/data feeds with the Enterprise Data Lake and Single Pane of Glass (SPOG) within 10 working days of feed availability.
- Provide engineering, operations, maintenance, and project support for SPOG, UEBA, UAM, Case/Data Management, Workflow, AI/ML services, Endpoint Incident Response, Cross Domain Solutions, Data Lakes, and Sentiment Analysis services.
7. API and Systems Integration
- Integrate disparate security systems and data feeds using APIs (primarily Python for SOAP/REST APIs).
- Support integration of multiple security sensors and systems across the enterprise.
8. Vulnerability and Security Assessment
- Conduct and coordinate weekly (or as directed) vulnerability scans on multiple networks and systems in support of FISMA requirements.
- Collaborate with system owners/admins/ISSOs to notify, execute, and report scan results.
- Support security assessments by defining scope, developing test plans, analyzing results, and preparing reports and briefings.
9. Compliance and Reporting
- Monitor and report on scan coverage quarterly and provide technical analysis of scan results monthly or as requested.
- Support baseline compliance and accreditation efforts for information systems and applications per agency guidelines.
- Apply advanced analytic techniques to IT system logs to detect threats, APTs, and cyber intrusions.
REQUIRED QUALIFICATIONS:
- Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related field (Master's preferred).
- 8+ years of experience in systems engineering/architecture, with a focus on security and large-scale enterprise environments.
- Expertise in insider threat detection, User Activity Monitoring (UAM), User Entity and Behavior Analytics (UEBA), and integration of security solutions.
- Proficiency in Python and experience with SOAP/REST APIs for security systems integration.
- Strong knowledge of enterprise data lakes, case/data management, workflow, endpoint incident response, and cross-domain solutions.
- Experience conducting vulnerability assessments and supporting FISMA compliance.
- Excellent documentation, technical writing, and training delivery skills.
- Strong analytical and problem-solving abilities, with proven project management skills.
DESIRED QUALIFICATIONS:
- Federal agency experience, particularly with insider threat or cyber operations programs.
- Experience with AI/ML solutions, sentiment analysis, and emerging security technologies.
- Relevant certifications (e.g., CISSP, CISM, CEH, GIAC).
CLEARANCE:
- TS/SCI minimum
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics APIs CEH CISM CISSP Clearance Compliance Computer Science FISMA GIAC Incident response Monitoring Python Security assessment Threat detection Threat intelligence TS/SCI Vulnerability scans
Perks/benefits: Career development