Insider Threat Analyst to work in our Charleston, SC office.
Job Description: Insider Threat Analysts shall conduct technical analyses of user activity data and alerts to identify indicators of insider threats. In addition to producing investigative leads, analysts are expected to review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations. Analysts shall compile results of analyses into reports or analytical products that are concise, accurate, and timely and be capable of presenting the results to team members and management as required.
Conduct technical analyses of user activity data and alerts to identify indicators of insider threats.
Triage insider threat alerts by correlating insider threat data and other data sources to determine potential indications of malicious or risky insider activity.
Create a hypothesis and perform analyses using tools to understand user dynamics and behavior.
Review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations
When supporting a customer inquiry, ask appropriate questions to understand the full scope of the request and conduct analysis with full diligence and discretion.
Incorporate complex flows of information into analyses adjusting scope, as necessary, to add additional context to alert triage and inquiries.
Produce reports of analysis results for distribution to appropriate insider threat stakeholders, management, and team members that are concise, accurate, and timely.
Present analysis results to management and team member to convey appropriate details in an easy to understand format
Work with team members to refine alerts based on triage results, understanding of insider threats, and current events.
Contribute to the development of processes and procedures within the CSSP to support improvement of the insider threat program.
Use knowledge of business tools, process, and prior incidents to make recommendations on future potential insider threat activities and areas of focus.
Authorized to view audit records on Central Log Server
Required Skills:
Must have a TS/ SCI Clearance
Possess High school Diploma or GED
Minimum five (5) year of experience in one or more of the following: insider threat, counterintelligence, counterespionage, cybersecurity, criminal justice, incident response, application security, network security, security operations, security monitoring, or security focused system's engineering.
DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
8570 Classification IAT -II & CSSP Analyst
Excellent written and oral communication skills with the ability to explain technically complex issues to a non-technical audience.
Sharp analytical abilities with proven technical and creative skills.
Desired Skills:
Bachelor's degree from an accredited University
Master's degree from an accredited University may reduce years of experience required
Minimum of one (1) year scripting or programming experience in PowerShell, Ruby, Python, Shell/BASH scripting, Java, C/C, C#, Perl, PL/SQL, or other related languages in the last three (3) years
Security related certifications such as OSCP, GIAC, GCIH, GCFA, GCIA, GPEN, GNFA, GCUX, CEH, Linux+, Security+.
Knowledge of Data Science techniques such as anomaly detection and machine learning.
Expert level understanding of insider threat analysis, user activity data, and analysis of host-based data.
Experience with the modus operandi of foreign intelligence entities, international threat organizations, and associated Cyber capabilities and operations.
Experience in support of DoD or IC Insider Threat programs and shall possess subject matter expertise with regards to Executive Order (E.O.) 13587, the DNI's National Counterintelligence and Security Center Insider Threat Task Force Standards, and DoD regulations/guidance regarding Insider Threat.
Experience working in a multi-tenant/service provider environment.
Experience with DoD IA/CND certification and accreditation programs.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
