Leidos is looking for an Insider Threat Analyst with strong hands-on knowledge with the development of insider threat programs and software utilizing big data analytics and various other technologies to join our Cybersecurity Intelligence & Response Team (CSIRT) in Gaithersburg - MD. The analyst will directly support the insider threat detection program and handle the design, testing, deployment, maintenance, operation, and evolution of the system. This will include the development of User Activity Monitoring via data mining and the review of large amounts of various data types to detect and create indicators for potential insider threat activity and other various Tactics Techniques and Procedures (TTPs). The analyst supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Job responsibilities may include: Security Alerting Response, Workflow Management Input, Data Analysis & Correlation, Incident Handling (coordination of resources and response efforts), Threat Classification, Critical Incident Escalation, Mitigation Coordination and embracing defined SOC operational and functional policies and procedures.
- Directly support the insider threat function by integrating, evaluating, and interpreting multiple sources of information to detect foreign, criminal, and insider threats.
- Develop, maintain, and evolve an automated capability to data mine and analyze large volumes of data to identify potential insider threat behaviors, indicators or other activity.
- Create Tactics Techniques and Procedures (TTPs) for identifying insider threats and brief team members and other involved parties on emerging threats.
- Gather, integrate, review, analyze, and respond to information derived from Insider Threat, Counter-Intel, Security, legal, HR and other information sources in order to identify potential insider threat concerns.
- Shall document user activity monitoring triggers and behavioral indicators, which will be utilized to identify potential insider threats. Identify gaps and create necessary adjustments to account for them.
- Serve as technical resource to coworkers and customers and provides as-needed guidance in insider threat detection's, development and other techniques.
- Assist in the proactive identification of new collection methodologies for the Insider Threat Program
- Provide analytic case support to investigations, administrative or security inquiries, counterintelligence risk assessments, or other assessments as needed
- Bachelor's degree and 8-12 years of prior relevant experience in order to operate within the scope contemplated by the level.
- Ability to function in a fast moving and complex collaborative environment, seeking continuous consultation with other analysts and customers, both internal and external to the organization, to leverage analytical and technical expertise.
- Advanced understanding of Insider Threat investigations, reporting, tools, and detection methods.
- Deep Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], services (e.g., web, mail, DNS), and how they interact to provide network communications
- Advanced knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption, etc).
- Demonstrated Experience with Splunk (preferred) or other SIEM-type platforms
- Strong Understanding of managing complex large data set analysis
- US Citizenship is required
- Knowledge of system administration, network, and operating system hardening techniques.
- Programming experience and customized script development (Python preferred)
- Skill in preserving evidence integrity according to standard operating procedures or national standards.
- Knowledge of packet-level analysis.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of operating system command-line tools.
- Ability to exercise judgment when policies are not well-defined.
- Knowledge of database systems.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Skilled in conducting trend analysis.
- Able to acquire and maintain a Secret clearance
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:None
Scheduled Weekly Hours:40
Job Family:Cyber Operations
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to email@example.com.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.