Tyto Athene is searching for an Insider Threat Lead to triage anomalous event data and analyze insider threat program datasets to conduct threat analysis.
Responsibilities:
- Lead a team performing in-depth analysis and investigation of high-priority insider threat incidents
- Conduct comprehensive all-source analysis in support of the insider threat mission
- Triage anomalous event data
- Access network monitoring, data analytics, and other tools; integrate available information, decipher underlying trends and anomalies; and discern obscure patterns found in the datasets
- Produce all source analytic products in support of the insider threat mission
- Aggregate, analyze, and evaluate available program data sources to evaluate insider threat risk
- Extract and organize data to build metrics, reports, case studies, and trend reports
- Conduct risk assessments and present findings, in written and oral presentations, to a variety of audiences, including very senior decision-makers
- Conduct research to support ongoing analytic efforts
- Prepare and produce situational awareness and warning reports related to insider threat
- Assist in the preparation and production of analytical reports identifying areas for efficiencies in the production process
- Provide editing and quality control of program products
- Review insider threat information in support of meeting program mission requirements and timelines
- Provide recommendations to contractor and government leadership on ways to improve the insider threat program
- Provide guidance and mentorship to junior insider threat analysts to enhance their skills and capabilities
Required:
- Bachelor’s degree in Computer Science, Information Technology, or related field and 10 years of relevant experience, or a Master’s degree and 6 years
- Strong natural aptitude for analytical problem-solving
- Thorough understanding of insider threat program missions
- Basic familiarity with risk-scoring concepts and some exposure to data analytics tools/programs
- Knowledge of the following:
  - User Activity Monitoring (UAM) or User and Entity Behavior Analytics (UEBA) tools
  - SIEM operation
  - Understanding of how exploits work and appear within network traffic
  - Intrusion detection technology
  - Awareness and understanding of popular attack tools and malware
- Ability to communicate effectively the actual status of an insider threat incident, attack, or other issue
- Awareness of tradecraft used by nation state APT actors
- Extremely motivated self-starter with strong written and verbal communication skills and the ability to produce technical reports on analytic findings
- Ability to exercise discretion and confidentiality while performing in highly sensitive roles and missions
- Ability to learn rapidly and begin contributing positively within a cohesive team environment
Desired:
- Previous experience working as an insider threat analyst
- Experience with operational security, including security operations center (SOC), incident response, threat hunting, digital forensics, and malware analysis
- Knowledge of TCP/IP networking, operating systems, and cybersecurity technologies
Clearance: Active Secret clearance required
Certification: DoD 8570 IAM/IAT Level II certification. This will change to the DoD 8140 equivalent once the DISA 8140 policy is released.
Location: This is an on-site role; the expectation is to be at the client site in Arlington, VA five days a week.