    Senior Insider Threat Analyst - Woodlawn, United States - IT Concepts

    IT Concepts Woodlawn, United States

    3 weeks ago

    Job Description

    Founded in 2003, IT Concepts' core values – customer-centricity, teamwork, driven to deliver, innovation, and integrity – ensure we work together to be the best, realize objectives, and make a positive impact in our communities. We intentionally created and sustain our ITC culture that embraces change, experimentation, continuous learning, and improvement. We bring our design thinking problem solving approach that challenges assumptions, prioritizes curiosity, and invites complexity to deliver innovative, efficient, and effective solutions. As we continue to grow in the support of our government customers, we are looking for driven and innovative individuals to join our team.

    IT Concepts is seeking a highly skilled and experienced Senior Insider Threat Analyst to join our team supporting our Federal client, the Social Security Administration (SSA). The ideal candidate will have a strong background and expertise in Insider Threat and will take an agile approach to provide strategic planning support, iterative program improvements, Operations & Maintenance (O&M), and overall programmatic support services for the Office of Information Security (OIS) and its Insider Threat Program Management Officer (PMO). The candidate will collaborate with stakeholders to prioritize data sources for onboarding into risk models and gather requirements for dashboards that provide a holistic view of operations. Services include supporting and advising the OIS insider threat PMO in the ongoing development of the insider threat products and program roadmap(s), using analytical methods to understand insider risk patterns and establish models for forecasting insider risk scenarios, and providing services to implement, execute, and maintain necessary activities in support of an OIS-wide counter insider threat program.

    The candidate will provide the following services to support and maintain an agency-wide plan and program for insider threat awareness, response consultation, policy enhancement, continuous monitoring, and reporting requirements. During execution of their duties, the candidate may be required to deliver and receive sensitive briefings within SSA secured spaces such as the SCIF at SSA or an approved alternate secured location.

    Responsibilities

    Support Insider Threat policy and procedure updates for agency, interagency, or federal intelligence community-wide support. Focus on standardization of referral language/templates, triage and escalation, and case management.

    Assist with the development and implementation of new insider threat alerts to help drive operational maturity and enhance detection and mitigation of events and/or incidents indicative of an insider threat.

    Provide technical expertise in cyber and insider adversary capabilities and provide assessments of the intentions of adversary groups to conduct computer network exploitation and computer network attack against U.S. private sector and government networks and information systems.

    Develop methods and procedures to extract data from existing SSA IT systems that may identify potential insider threats. Identify vulnerabilities in SSA IT assets that are susceptible to being used by insider threats.

    Provide recommendations on new or amended technical indicators for implementation in insider threat detection systems (SIEM, UBA, UAM, etc.) in accordance with approved SSA policies and procedures.

    Identify, implement, and prioritize new potential risk indicators (PRI) into DLP, SIEM, and UBA.

    Collaborate with the insider threat team in the enhancement of enterprise-level Standard Operating Procedures for automation and orchestration.

    Provide cyber intelligence support activities as functions with other OIS intelligence partners such as supply chain and cyber threat analysis units, as analytical functions in collaboration with the SOC, or both.

    Oversee and initiate reach back support to other federal government insider threat programs to enhance information sharing and collaboration.

    Assist in the development of counterintelligence/foreign nexus related efforts, to include but not limited to, tailored alerts and policies and drafting of reports.

    Conduct analysis of over 4,000 alerts a month across DLP, UBA, and SIEM.

    Review and disseminate information from cyber news feeds, incident reports, threat briefs, and vulnerability alerts from the intelligence community, law enforcement agencies and other external sources to determine its applicability and impact to the SSA environment.

    Develop and test new trigger policies within tight timelines to meet emerging security challenges.

    Provide monitoring, analysis, and reporting on non-classified cyber activity, trends, and incidents that may often rise to the level of incident threats with the potential to affect the confidentiality, availability, and integrity of the SSA network, which has the potential of posing a national security risk beyond the SSA and to the entire Federal Government enterprise.

    Utilize findings from risk assessments and trend analysis obtained from analysis of network alerts from various sources within the enterprise and determine possible causes of such alerts. Use that analysis to assist in development of mitigation and remediation control measures.

    Prepare and present finalized, professional briefings and comprehensive reports on Insider Threat cases referred to the Insider Threat Program Manager in the Office of Emergency Preparedness (OSEP) and the Chief Forensic Investigator in the Office of the Inspector General (OIG) in accordance with formats established in the OIS Insider Threat SOPs and agency writing guides.

    Collaborate with key stakeholders such as OSEP, UBA, and DLP to identify gaps, areas of growth, and strategic initiatives to further enhance insider threat detection.

    Monitor external data sources (e.g., cyber intelligence vendor sites, NITTF, CISA, ODNI, NCSC) and use trend analysis and reporting to interpret the relevance and significance of information concerning active and potential insider related threats. Analyze the information to determine which security issues may have an impact on the agency. Submit the analysis using written reports with text, charts, and spreadsheets when requested by the PMO for inclusion in the Insider Threat Work Status Reports.

    Administrative Responsibilities:

    Conduct a kickoff meeting to establish program requirements, performance expectations, and logistics associated with all tasks. Includes work order work plan.

    Conduct weekly status meetings (including Executive briefings) as scheduled by the SSA Task Manager. The candidate shall deliver meeting minutes to the SSA Task Manager following the initial kickoff meeting and each weekly status update.

    Provide weekly status reports of activities conducted, number of incidents reviewed by type, and any recommendations for any additional alerts, rules, or configurations in the SSA cyber tools used in the commission of this contract.

    Provide updates to the SSA Task Manager regarding contract personnel status and any actions that would adversely affect the completion of tasks as outlined in this statement of work.

    Requirements

    Qualifications:

    Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.

    5+ years of experience in Information Security

    3+ years of experience in cybersecurity and/or insider threat incident response that must include experience in:

    Experience with data loss/information protection solutions (Splunk, Microsoft O365, etc.)

    Identification of potential insider threat tools, tactics, and procedures (TTPs)

    Security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.

    3+ years of experience using tools such as Splunk and CrowdStrike, and experience in extracting data from these systems to detect potential data leaks and prepare assessments.

    Excellent analytical, problem-solving and presentation skills.

    Effective communication and interpersonal skills, with the ability to interact with stakeholders at all levels.

    Must be a US Citizen

    Benefits

    The Company

    We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let's solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork, dedication, and excellence.

    We hold three ISO certifications (27001:2013, :2011, 9001:2015) and two CMMI ML 3 ratings (DEV and SVC).

    Industry Recognition

    Growth | Inc 5000's Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C.

    Culture | Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner – Mid-Size Companies, Companies Owned by People of Color; Department of Labor's HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation Corporate Breath Award

    Benefits

    We offer great benefits – Competitive Paid Time Off, Medical, Dental and Vision Insurance, Identity Theft Protection, Legal Resources Coverage, 401(k) with company matching with NO vesting period. ITC Health benefits have a $0 premium for certain plans for eligible employees.

    We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development. Reimbursement amounts may fluctuate due to IRS limitations. We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking. We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.

    We work hard, we play hard. ITC is committed to incorporating fun into every day. We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations. In alignment with our commitment to our communities, we also host and attend charity galas/events. We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.

    AAEO & VEVRAA

    ITC is an Affirmative Action/Equal Opportunity employer and a VEVRAA (Vietnam Era Veterans' Readjustment Assistance Act) Federal Contractor. As such, any personnel decisions (hire, promotion, job status, etc.) on applicants and/or employees are based on merit, qualifications, competence, and business needs, not on race, color, citizenship status, national origin, ancestry, sexual orientation, gender identity, age, religion, creed, physical or mental disability, pregnancy, childbirth or related medical condition, genetic information of the employee or family member of the employee, marital status, veteran status, political affiliation, or any other factor protected by federal, state or local law.

    ITC maintains a strong commitment to compliance with VEVRAA and other applicable federal, state, and local laws governing equal employment opportunity. We have developed comprehensive policies and procedures to ensure our hiring practices align with these requirements.

    As a part of our VEVRAA compliance efforts, ITC has established an affirmative action plan that outlines our commitment to the recruitment, hiring, and advancement of protected veterans. This plan is regularly reviewed and updated to ensure its effectiveness.

    We encourage protected veterans to self-identify during the application process. This information is strictly confidential and will only be used for reporting and compliance purposes as required by law. Providing this information is voluntary, and it will not impact your eligibility for employment.

    Our commitment to equal employment opportunity extends beyond legal compliance. We are dedicated to fostering an inclusive workplace where all employees, including protected veterans, are treated with dignity, respect, and fairness.

    How to Apply

    To apply to IT Concepts positions, please click the "Apply for this Job" button at the bottom of this job description or the "Application" button at the top. Please upload your resume and complete all the application steps. You must submit the application for IT Concepts to consider you for a position. If you need alternative application methods, please email and request assistance.

    Accommodations

    To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. If you need to discuss reasonable accommodations, please email


