Via Logic LLC
Insider Threat Program Hunt Team Analyst
Via Logic LLC, Washington, District of Columbia, us, 20022
Position Overview
The Digital Modernization Sector at Leidos has an opening for a Hunt Analyst supporting the HEITS Contract as part of the Department of Homeland Security Insider Threat Program (ITP). This role supports, sustains, designs and evolves the database backbone of the ITP, which identifies insider threats through advanced analytics, monitoring, and data correlation, helping safeguard DHS mission.
Responsibilities
Normal business hours will be defined as a schedule combination to include weekdays 2pm-10pm shift and weekends 6am-6pm shift. The candidate will have 2-3 days off based on the schedule determined & the work week should not exceed 40 hours.
This position is expected to eventually move to shift work to meet the requirement of 24x7 operations at an undetermined later date.
Examine, analyze, and search insider threat data to identify trends, patterns, and insights of potential insider threat indicators.
Provide analytical, program support services related to the operation of UAM/UEBA tool.
Monitor UAM platform to identify emerging requirements related to insider threat events and coordinate across the enterprise to ensure timely response.
Conduct further research on the UAM platform to identify patterns of concerning behavior related to a potential insider threat risk to the DHS enterprise.
Provide proactive insider threat-based hunting across the DHS enterprise network, leveraging methodologies and behavioral analytics to detect, investigate, and mitigate anomalous activity and policy violations indicative of malicious insider behavior.
Conduct continuous hunt operations across data and log sources, DHS platforms, EDR tools, and network traffic to identify patterns of insider threat behavior.
Identify mitigation strategies to assist the investigative team in effectively reducing insider threat risk.
Utilize UEBA (User and Entity Behavior Analytics) platforms and techniques to baseline user activity and detect deviations.
Provide timely response to critical/high UAM alerts (within 4 hours during normal business hours).
Basic Qualifications
Bachelor’s degree and (12)+ years of prior relevant insider threat experience or Master’s with (10)+ years of prior relevant experience. Additional years of experience with requisite certifications will be considered in lieu of degree.
Minimum of 4 years demonstrated knowledge of the intelligence cycle, analytic techniques, systems, processes, and organizations.
Minimum of 4 years demonstrated knowledge of Threat Assessment & Mitigation Strategies.
Have excellent written and verbal skills with ability to deliver briefings to a diverse group of audiences.
Possess knowledge of current domestic and international threats to U.S. national security interests.
Be adept at establishing networks with relevant security, personnel, and prevention stakeholders to foster program utilization.
Be a self-starter capable of working independently to promote program goals.
Working knowledge of User Activity Monitoring Software (UAM) and solutions.
Working knowledge of Cybersecurity toolsets designed to support ITP mission activities.
Working Knowledge of Open-Source toolsets.
Working Knowledge of Insider Threat Frameworks; Pathway to Violence & Critical Pathway.
Current TS/SCI and Must be a US Citizen.
Ability to obtain DHS EOD SCI and willingness to undergo CI Polygraph.
Preferred Qualifications
Master’s degree from an accredited college or university in Criminal Justice, Homeland security, Cyber Security, or related field
Proven experience (10+ years) in Intelligence Analysis
Experience with User Activity Monitoring products and platforms
Proven experience (4+ years) in Threat Assessment & Mitigation
Certified Counter-Insider Threat Professional - Fundamentals (CCITP-F)
Certified Counter-Insider Threat Professional - Analysis (CCITP-A)
Completion of Center for Development of Security Excellence (CDSE) Insider Threat Detection Analysis Course (ITDAC)
Completion of Workplace Assessment of Violence Risk (WAVR-21) Workshop
Completion of Center for Development of Security Excellence (CDSE) Curriculums; INT311.CU/INT312.CU/CI201.CU
At Leidos, we don’t want someone who “fits the mold” – we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”
If you’re already scheming step 20 while everyone else is still debating step 2... good. You’ll fit right in.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
#J-18808-Ljbffr
Responsibilities
Normal business hours will be defined as a schedule combination to include weekdays 2pm-10pm shift and weekends 6am-6pm shift. The candidate will have 2-3 days off based on the schedule determined & the work week should not exceed 40 hours.
This position is expected to eventually move to shift work to meet the requirement of 24x7 operations at an undetermined later date.
Examine, analyze, and search insider threat data to identify trends, patterns, and insights of potential insider threat indicators.
Provide analytical, program support services related to the operation of UAM/UEBA tool.
Monitor UAM platform to identify emerging requirements related to insider threat events and coordinate across the enterprise to ensure timely response.
Conduct further research on the UAM platform to identify patterns of concerning behavior related to a potential insider threat risk to the DHS enterprise.
Provide proactive insider threat-based hunting across the DHS enterprise network, leveraging methodologies and behavioral analytics to detect, investigate, and mitigate anomalous activity and policy violations indicative of malicious insider behavior.
Conduct continuous hunt operations across data and log sources, DHS platforms, EDR tools, and network traffic to identify patterns of insider threat behavior.
Identify mitigation strategies to assist the investigative team in effectively reducing insider threat risk.
Utilize UEBA (User and Entity Behavior Analytics) platforms and techniques to baseline user activity and detect deviations.
Provide timely response to critical/high UAM alerts (within 4 hours during normal business hours).
Basic Qualifications
Bachelor’s degree and (12)+ years of prior relevant insider threat experience or Master’s with (10)+ years of prior relevant experience. Additional years of experience with requisite certifications will be considered in lieu of degree.
Minimum of 4 years demonstrated knowledge of the intelligence cycle, analytic techniques, systems, processes, and organizations.
Minimum of 4 years demonstrated knowledge of Threat Assessment & Mitigation Strategies.
Have excellent written and verbal skills with ability to deliver briefings to a diverse group of audiences.
Possess knowledge of current domestic and international threats to U.S. national security interests.
Be adept at establishing networks with relevant security, personnel, and prevention stakeholders to foster program utilization.
Be a self-starter capable of working independently to promote program goals.
Working knowledge of User Activity Monitoring Software (UAM) and solutions.
Working knowledge of Cybersecurity toolsets designed to support ITP mission activities.
Working Knowledge of Open-Source toolsets.
Working Knowledge of Insider Threat Frameworks; Pathway to Violence & Critical Pathway.
Current TS/SCI and Must be a US Citizen.
Ability to obtain DHS EOD SCI and willingness to undergo CI Polygraph.
Preferred Qualifications
Master’s degree from an accredited college or university in Criminal Justice, Homeland security, Cyber Security, or related field
Proven experience (10+ years) in Intelligence Analysis
Experience with User Activity Monitoring products and platforms
Proven experience (4+ years) in Threat Assessment & Mitigation
Certified Counter-Insider Threat Professional - Fundamentals (CCITP-F)
Certified Counter-Insider Threat Professional - Analysis (CCITP-A)
Completion of Center for Development of Security Excellence (CDSE) Insider Threat Detection Analysis Course (ITDAC)
Completion of Workplace Assessment of Violence Risk (WAVR-21) Workshop
Completion of Center for Development of Security Excellence (CDSE) Curriculums; INT311.CU/INT312.CU/CI201.CU
At Leidos, we don’t want someone who “fits the mold” – we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”
If you’re already scheming step 20 while everyone else is still debating step 2... good. You’ll fit right in.
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
#J-18808-Ljbffr