Tyto Athene is searching for an Insider Threat Lead to triage anomalous event data and analyze insider threat program datasets to conduct threat analysis.
Responsibilities:
Lead a team performing in-depth analysis and investigation of high-priority insider threat incidents
Conduct comprehensive all-source analysis in support of the insider threat mission
Triage anomalous event data
Access network monitoring, data analytics, and other tools; integrate available information, decipher underlying trends and anomalies; and discern obscure patterns found in the datasets
Produce all-source analytic products in support of the insider threat mission
Aggregate, analyze, and evaluate available program data sources to evaluate insider threat risk
Extract and organize data to build metrics, reports, case studies, and trend reports
Conduct risk assessments and present findings, in written and oral presentations, to a variety of audiences, including very senior decision-makers
Conduct research to support ongoing analytic efforts
Prepare and produce situational awareness and warning reports related to insider threat
Assist in the preparation and production of analytical reports identifying areas for efficiencies in the production process
Provide editing and quality control of program products
Review insider threat information in support of meeting program mission requirements and timelines
Provide recommendations to contractor and government leadership on ways to improve the insider threat program
Provide guidance and mentorship to junior insider threat analysts to enhance their skills and capabilities
Required:
Bachelor's degree in Computer Science, Information Technology, or a related field and 10 years of relevant experience, or a Master's degree and 6 years
Strong natural aptitude for analytical problem-solving
Thorough understanding of insider threat program missions
Basic familiarity with risk-scoring concepts and some exposure to data analytics tools/programs
Knowledge of the following:
User Activity Monitoring (UAM) or User and Entity Behavior Analytics (UEBA) tools
SIEM Operation
Understanding of how exploits work and appear within network traffic
Intrusion detection technology
Awareness and understanding of popular attack tools and malware
Ability to communicate effectively the current status of an insider threat incident, attack, or other issue
Awareness of tradecraft used by nation state APT actors
Extremely motivated self-starter with strong written and verbal communication skills, and the ability to create technical reports on analytic findings
Ability to exercise discretion and confidentiality while performing in highly sensitive roles and missions
Ability to learn rapidly and begin contributing positively within a cohesive team environment
Desired:
Previous experience working as an insider threat analyst
Experience with operational security, including security operations center (SOC), incident response, threat hunting, digital forensics, and malware analysis
Knowledge of TCP/IP networking, operating systems, and cybersecurity technologies
Clearance: Active Secret clearance required
Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.