Insider Threat Analyst

Springfield, VA

XOR Security is currently seeking a Cyber Insider Threat Analyst to support an Agency-level Focused Operations (FO) team at DHS. The FO program is part of a purple team that provides comprehensive Computer Network Defense (CND) and Response support through monitoring and analysis of potential threat activity targeting the enterprise. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. This position will be asked to collect and analyze intelligence (monitoring) regarding cyber threats associated with trusted insiders, as well as to process and coordinate the response to such threats. The Contractor performs their duties under the direction and guidance of a Team Lead. The ideal candidate would be familiar with intrusion detection systems (HIDS/NIDS), intrusion analysis, security information and event management (SIEM) platforms, endpoint threat detection tools (e.g., EDR), and security operations ticket management. Hunt operations, while not staffed 24x7, will be on call seven days a week, 24 hours a day.

Corporate duties such as solution/proposal development, corporate culture development, mentoring employees, and supporting recruiting efforts will also be required. The program has on-site requirements in Springfield, VA one or more days a week for all staff.

Job Responsibilities: 

In support of this task and the activities listed above, the Contractor shall:  

  • Provide security event monitoring for all the organization’s unclassified systems for Insider Threat.  
  • Collect, document, correlate and analyze security events and incidents impacting the unclassified systems.  
  • Analyze network traffic patterns and anomalies expressed within the logs, events, data, and information collected from various sources within the Enterprise and identify and confirm security events, intrusions, attacks, and security breaches.  
  • Create, maintain and continually update SOPs, guidelines, reports and other documents pertaining to the operation, maintenance and upkeep of the Cyber Insider Threat program.  
  • Collaborate, communicate and coordinate with other components, and/or any other group or entity, to support and facilitate the remediation, mitigation and resolution of security incidents that transpired on target networks.  
  • Assess and report the risk or threat level of suspected or confirmed incidents.  
  • Provide documentation detailing any additional information that will be collected and maintained for each security investigation.

Required Qualifications (candidates must have all of the following):

  • Must have at least 3 years of experience in a cyber network defense environment with lead position experience preferred.  
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering. 
  • Active Top Secret Clearance and SCI Eligibility. 
  • Prior experience and ability to analyze information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response. 
  • Strong logical/critical thinking abilities, especially analyzing security events. 
  • Knowledge of insider threat types, how to detect them, and knowledge of the types of security risks that can exist within the targeted organization. 
  • Knowledge of incident categories, incident responses, and timelines for responses for insider threat cases. 
  • A working knowledge of the various operating systems (e.g., Windows, OS X, Linux) commonly deployed in enterprise networks; a conceptual understanding of Windows Active Directory; and a working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
  • Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment. 

Desired Qualifications: 

  • Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required). 

Closing Statement: 

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits. 

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V. 

Citizenship Clearance Requirement 

Applicants selected may be subject to a government security investigation and must meet eligibility requirements: US CITIZENSHIP and TOP SECRET CLEARANCE REQUIRED.
