Insider Threat Lead
Washington, D.C.
Agile Defense
At the forefront of innovation, driving advanced capabilities and solutions tailored to the most critical national security and civilian missions.
Requisition #535 Job Title: Senior Insider Threat AnalystLocation: Hybrid role requiring one day onsite - 1155 21st St NW Washington, District of Columbia 20581 Clearance Level: Active DoD - Public Trust SUMMARYThe Insider Risk Lead will manage the Insider Threat program at a Government Agency. The program is a standalone part of an advanced analytics capability of the larger Security Operation Center (SOC) program that provides comprehensive Computer Network Defense and Response support through monitoring and analysis of potential threat activity targeting the enterprise.
JOB DUTIES AND RESPONSIBILITIES· The Insider Threat Lead oversees insider threat operations, conducts advanced security event analytics, insider threat monitoring, log analysis, host-based forensics, incident response, and case management. In support of this vital mission, Agile Defense staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries.· To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response.· Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of incident response, insider threat investigations, forensics, cyber threats, and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables.· Additionally, the ideal candidate would be familiar with insider threat monitoring software, hostbased forensic tools, intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
SUPERVISORY DUTIES· Will oversee the activities of one Insider Threat Analyst.
QUALIFICATIONSRequired Certification(s): · Digital Forensic or Incident Response Certifications such as: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, CISSP, Security+, Network+, CEH, CND. CCE, CFC, EnCE, CFCE, GREM.Education, Background, and Years of Experience· 7+ years of experience in a cyber network defense or insider threat environment.· Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
ADDITIONAL SKILLS & QUALIFICATIONSRequired Skills· Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.· Prior experience and ability to with analyzing information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents.· This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.· Strong logical/critical thinking abilities, especially analyzing security events (windows event logs, network traffic, IDS events for malicious intent).· Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.· Excellent organizational and attention to details in tracking activities within various Security Operation workflows.· A working knowledge of the various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows· Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).· Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.· Experience conducting Forensic Analysis on compromised systems using digital forensics tools (e.g., EnCase, FTK)· Experience with Cyber, Insider Threat and Policy Violation Investigations, and conducting eDiscovery investigations· Proficiency in cyber threat exploitation patterns, from discovery through establishing a persistent presence· Provide subject matter expertise support in the detection, analysis and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.· Knowledge and proficiency using the tools and techniques required to successfully conduct dynamic and static analysis of binary samples.Preferred Skills· Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk or MS Sentinel).· Experience with counterintelligence investigations within the intelligence community.· Coordinating with FinCEN or similar entities on intelligence analysis and tippers.· Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.· Experience in recommending and coordinating countermeasures to operational CND personnel.· Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required).· Familiarity with scripting languages (BASH, Powershell, Python, PERL, RUBY etc.) or software development frameworks (.NET).· Experience with data governance and data analysis tools such as Microsoft Purview, Nuix, Proofpoint, Forcepoint DLP, CloudNine, OpenText, Relativity, Varonis, Code42, etc.
WORKING CONDITIONSEnvironmental Conditions· Contractor site with 0%-10% travel possible. General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. The onsite customer working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work at the customer location is generally performed within an office environment, with standard office equipment available.Strength Demands· Sedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.Physical Requirements· Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; See; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).
JOB DUTIES AND RESPONSIBILITIES· The Insider Threat Lead oversees insider threat operations, conducts advanced security event analytics, insider threat monitoring, log analysis, host-based forensics, incident response, and case management. In support of this vital mission, Agile Defense staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries.· To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response.· Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of incident response, insider threat investigations, forensics, cyber threats, and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables.· Additionally, the ideal candidate would be familiar with insider threat monitoring software, hostbased forensic tools, intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
SUPERVISORY DUTIES· Will oversee the activities of one Insider Threat Analyst.
QUALIFICATIONSRequired Certification(s): · Digital Forensic or Incident Response Certifications such as: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, CISSP, Security+, Network+, CEH, CND. CCE, CFC, EnCE, CFCE, GREM.Education, Background, and Years of Experience· 7+ years of experience in a cyber network defense or insider threat environment.· Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
ADDITIONAL SKILLS & QUALIFICATIONSRequired Skills· Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.· Prior experience and ability to with analyzing information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents.· This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.· Strong logical/critical thinking abilities, especially analyzing security events (windows event logs, network traffic, IDS events for malicious intent).· Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.· Excellent organizational and attention to details in tracking activities within various Security Operation workflows.· A working knowledge of the various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows· Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).· Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.· Experience conducting Forensic Analysis on compromised systems using digital forensics tools (e.g., EnCase, FTK)· Experience with Cyber, Insider Threat and Policy Violation Investigations, and conducting eDiscovery investigations· Proficiency in cyber threat exploitation patterns, from discovery through establishing a persistent presence· Provide subject matter expertise support in the detection, analysis and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.· Knowledge and proficiency using the tools and techniques required to successfully conduct dynamic and static analysis of binary samples.Preferred Skills· Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk or MS Sentinel).· Experience with counterintelligence investigations within the intelligence community.· Coordinating with FinCEN or similar entities on intelligence analysis and tippers.· Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.· Experience in recommending and coordinating countermeasures to operational CND personnel.· Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required).· Familiarity with scripting languages (BASH, Powershell, Python, PERL, RUBY etc.) or software development frameworks (.NET).· Experience with data governance and data analysis tools such as Microsoft Purview, Nuix, Proofpoint, Forcepoint DLP, CloudNine, OpenText, Relativity, Varonis, Code42, etc.
WORKING CONDITIONSEnvironmental Conditions· Contractor site with 0%-10% travel possible. General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. The onsite customer working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work at the customer location is generally performed within an office environment, with standard office equipment available.Strength Demands· Sedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.Physical Requirements· Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; See; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
0
0
Categories:
Leadership Jobs
Threat Intel Jobs
Tags: Active Directory Agile Analytics Bash CEH CFCE CHFI CISSP Clearance CND Computer Science DNS DoD ECSA EnCase EnCE Forensics GCED GCFA GCFE GCIA GCIH GCTI GNFA Governance Government agency GREM IDS Incident response Intrusion detection Linux Log analysis Malware Monitoring Perl PowerShell Python Ruby Scripting Sentinel SIEM SMTP SOC Splunk SQL Threat detection Windows
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Specialist jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Network Security Engineer jobsInformation System Security Officer jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsFinance jobsDoDD 8570 jobsTerraform jobsBash jobsITIL jobsOWASP jobsCRISC jobsUNIX jobsGIAC jobsCompTIA jobsDocker jobsIntrusion detection jobs
TCP/IP jobsBanking jobsSANS jobsThreat detection jobsData Analytics jobsActive Directory jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsVPN jobsCyber defense jobsIT infrastructure jobsSOC 2 jobsAnsible jobsJavaScript jobsSOX jobsDNS jobsSOAR jobsJira jobsGCIH jobsSecurity strategy jobsOracle jobsNIST 800-53 jobsCryptography jobs