Insider Threat Analyst

Lorton, VA, USA, 22060

Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.

Our organization emphasizes career development across multiple career environments (at the member's own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments in which every member of the Parliament can participate. Each environment has opportunities available at all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.

Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and in the things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or fewer) are composed of personnel with similar skill sets to ensure mentorship, understanding, and peer support.

OVERVIEW:

The Senior Information Security Analyst (Insider Threat Analyst) is a critical member of the Insider Threat Operations Center (ITOC), responsible for advanced analysis, detection, hunting, and investigative support related to insider threats. This role requires deep analytical expertise; technical proficiency with User Activity Monitoring (UAM), User Behavior Analytics (UBA), and Single Pane of Glass (SPOG) solutions; and a comprehensive understanding of the evolving insider threat landscape.

GENERAL DUTIES:

1. Insider Threat Operations and Analysis

  • Review, analyze, and search insider threat data to identify trends, patterns, and indicators of potential insider threats.
  • Produce actionable analytics to help identify individuals at risk of harm to themselves or the department, assess compromise vectors, and document behavioral indicators.
  • Develop and refine processes to identify compromised users, assess threats and impacts, and provide recommendations to contain and eradicate advanced insider threats.
  • Support the creation of complex correlation rules and triggers in the enterprise UAM solution.
  • Respond to critical or high-priority UAM alerts within four hours during normal business hours.
  • Provide surge support, including event monitoring, complex analysis, and training, during periods of increased threat activity.

2. Hunt Team Operations

  • Perform proactive insider threat hunting across enterprise networks, reviewing and refining potential risk indicators to enhance detection and analysis capabilities.
  • Rotate among internal analytic teams, as needed, to maintain proficiency and continuously advance expertise.
  • Develop, document, and update standard operating procedures (SOPs) and best practices for hunt operations.

3. Inquiries & Investigations Support

  • Conduct thorough and objective inquiries and investigations into potential insider threat or misconduct indicators.
  • Correlate data across a wide range of data sets, systems, and tools to identify patterns of activity.
  • Generate detailed inquiry and investigation reports, clearly articulating concerns and findings.
  • Recommend, coordinate, and facilitate mitigation strategies with partner law enforcement, security, counterintelligence, human capital, and cybersecurity teams.
  • Rotate among analytic teams and contribute to the ongoing development of SOPs and best practices.

REQUIRED QUALIFICATIONS:

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field.
  • 6+ years of experience in information security analysis, with at least 3 years focused on insider threat analysis, research, or hunt operations.
  • Demonstrated experience with insider threat data analysis and research.
  • Expertise utilizing UAM, UBA, and SPOG capabilities in large, complex environments.
  • In-depth knowledge of the current insider threat landscape, including adversary tactics, techniques, and procedures (TTPs).
  • Proven ability to investigate, identify, contain, and recover from insider threat incidents.
  • Strong analytical, problem-solving, and technical writing skills.
  • Excellent communication and teamwork abilities.

DESIRED QUALIFICATIONS:

  • Experience supporting federal agency insider threat and cybersecurity programs.
  • Familiarity with advanced analytics, threat hunting methodologies, and investigative tools.
  • Relevant certifications (e.g., CISSP, GIAC, CISA, CEH, Insider Threat Program Manager).
  • Experience providing surge support and rapid response during high-alert periods.

CLEARANCE:

  • TS/SCI minimum

Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
