Position Title: Insider Threat SR SME / Analyst

Location: Baltimore, MD

Hours: Hybrid- on site 2 days and remote 3 days (subject to change)

Position Summary

Cybervance is a rapidly growing information security and information technology company in Washington, D.C. We are looking to hire a SR SME to support the Insider Threat Program (InTh) on a long-term contract in Baltimore, MD. The position is full time/permanent and will support a US Government civilian agency. This is a hybrid telework position.

Job Requirements

• U.S. Citizen – Active "Top Secret” level clearance and be eligible for SCI. (SF-86 submission required).
• Minimum of 6 years of experience working within an Insider Threat program and/or Counterintelligence program.
• Proficiency in writing and reviewing executive level technical reporting.
• Outstanding organizational and time management skills.
• Excellent customer relations skills.
• Excellent communications skills.
• Experience running an insider threat investigation and the investigative process.
• Experience briefing stakeholders on investigative findings.
• Experience with user behavior analytics tools.
• Experience in data loss prevention.
• Experience performing analysis of log files to include individual host logs, network logs, and firewall logs.
• Working knowledge of common cyber threats such as ransomware, malware, DOS, man-in-the-middle, and phishing.

Certifications/Licenses

• Counterintelligence and/or insider threat analyst certification(s) (e.g., Joint Counterintelligence Training Academy, Department of Defense Counterintelligence Courses, Carnegie Mellon University Insider Threat Programs).
• 4-year degree (information security is preferred, but not required), or equivalent experience.
• Counterintelligence (preferred, not required).
• Insider Threat (preferred, not required).
• Splunk Power User (preferred, not required).

Additional Experience Preferred

• Experience liaising with Office of Inspector General pertaining to investigative hand-offs.
• Experience liaising with local, state, or federal law enforcement pertaining to investigative hand-offs.
• Experience and understanding of legal requirements for the conduct of investigations and the handling of investigative materials.
• Experience with and knowledge of common SOC tools such as Splunk, RSA Security Analytics, and Akamai WAF.
• Experience with financial crimes investigations.
• Investigations.
• Open-Source Intelligence.
• Analysis.
• Evidence Handling.
• Report Writing.
• User Behavior Analytics.
• Case Management.
• Operational Management.
• Documentation Management.
• Project Management.
• ServiceNow experience.
• Splunk experience.

Position Responsibilities

• Gathering and analyzing network traffic information through User Behavior Analytics to identify anomalies or suspicious behaviors that indicate a potential insider threat concern.
• Assist with operational management of Insider Threat team.
• Contribute to insider threat incident response and management reporting.
• Monitoring security events to identify potential insider threat issues and vulnerabilities.
• Conduct vulnerability and threat assessments.
• Analyzes and develops insider threat assessments and reports for the Insider Threat team lead or designated representative.
• Provides insider threat assessment briefings and updates for leadership, and other stakeholders as needed.
• Maintains, manages, and documents systems and/or tools used and the procedures for storing, managing, and sharing of insider threat information.
• Maintains constant communication with other operation teams for collaboration, process optimization, tools tuning, information sharing and insider threat response.
• Conducts classified and open-source review of information for potential insider threat issues.
• Identifying vulnerable processes and/or functional activities to aid in training and mitigation or management of risks.
• Publish annual Insider Threat vulnerability assessment report.
• Publish quarterly trends and analysis report.

Cybervance is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state, or local laws.