Leidos

Insider Threat Program Hunt Team Analyst

Leidos, Washington, District of Columbia, us, 20022


Overview

The Digital Modernization Sector at Leidos has an opening for a Hunt Analyst supporting the HEITS Contract as part of the Department of Homeland Security (DHS) Insider Threat Program (ITP). The role is to support, sustain, design and evolve the database backbone of the ITP. The ITP mission is to identify insider threats to the department by using advanced analytics, monitoring, and data correlation to detect and mitigate potential threat actors before they compromise the DHS mission.

Responsibilities

Work schedule: weekdays 2pm-10pm and weekends 6am-6pm, with 2-3 days off based on schedule; the work week will not exceed 40 hours. The position is expected to eventually move to 24x7 shift work at an undetermined date.

- Examine, analyze, and search insider threat data to identify trends, patterns, and insights into potential insider threat indicators.
- Provide analytical and program support related to the operation of UAM/UEBA tools.
- Monitor the UAM platform to identify emerging requirements and coordinate across the enterprise for timely response.
- Research UAM patterns to identify behaviors related to potential insider threat risk to the DHS enterprise.
- Provide proactive insider threat hunting across the DHS enterprise network using behavioral analytics to detect, investigate, and mitigate anomalous activity and policy violations.
- Conduct continuous hunt operations across data and log sources, DHS platforms, EDR tools, and network traffic to identify insider threat patterns.
- Identify mitigation strategies to support the investigative team in reducing insider threat risk.
- Use UEBA platforms and techniques to baseline user activity and detect deviations from that baseline.
- Respond to critical/high UAM alerts within 4 hours during normal business hours.

Basic Qualifications

- Bachelor's degree with 12+ years of relevant insider threat experience, or Master's degree with 10+ years of relevant experience. Additional years of experience with requisite certifications may be considered in lieu of a degree.
- Minimum 4 years of demonstrated knowledge of the intelligence cycle, analytic techniques, systems, processes, and organizations.
- Minimum 4 years of demonstrated knowledge of Threat Assessment & Mitigation Strategies.
- Excellent written and verbal skills, with the ability to deliver briefings to diverse audiences.
- Knowledge of current domestic and international threats to U.S. national security interests.
- Ability to establish networks with security, personnel, and prevention stakeholders to foster program utilization.
- Self-starter capable of working independently to promote program goals.
- Working knowledge of User Activity Monitoring (UAM) software and related solutions.
- Working knowledge of cybersecurity toolsets supporting ITP mission activities.
- Working knowledge of open-source toolsets.
- Working knowledge of insider threat frameworks, including the Pathway to Violence and the Critical Pathway.
- Current TS/SCI clearance and U.S. citizenship required; ability to obtain DHS EOD SCI and willingness to undergo a CI polygraph.

Preferred Qualifications

- Master's degree in Criminal Justice, Homeland Security, Cyber Security, or a related field.
- 10+ years of intelligence analysis experience.
- Experience with User Activity Monitoring products and platforms.
- 4+ years of experience in Threat Assessment & Mitigation.
- Certified Counter-Insider Threat Professional - Fundamentals (CCITP-F).
- Certified Counter-Insider Threat Professional - Analysis (CCITP-A).
- CDSE ITDAC, WAVR-21 Workshop, and related CDSE curricula (INT311.CU/INT312.CU/CI201.CU).

Note: The posting includes a general pay range and additional information about posting timelines.
