Insider Threat Mid Analyst
North Charleston, South Carolina, United States
Insider Threat Analysts shall conduct technical analyses of user activity data and alerts to identify indicators of insider threats. In addition to producing investigative leads, analysts are expected to review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations. Analysts shall compile the results of their analyses into reports or analytical products that are concise, accurate, and timely, and be capable of presenting those results to team members and management as required.
Position Requirements and Duties:
- Conduct technical analyses of user activity data and alerts to identify indicators of insider threats.
- Triage insider threat alerts by correlating insider threat data and other data sources to determine potential indications of malicious or risky insider activity.
- Create hypotheses and perform analyses using tools to understand user dynamics and behavior.
- Review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations.
- When supporting a customer inquiry, ask appropriate questions to understand the full scope of the request and conduct analysis with full diligence and discretion.
- Incorporate complex flows of information into analyses, adjusting scope as necessary, to add context to alert triage and inquiries.
- Produce reports of analysis results for distribution to appropriate insider threat stakeholders, management, and team members that are concise, accurate, and timely.
- Present analysis results to management and team members, conveying the appropriate details in an easy-to-understand format.
- Work with team members to refine alerts based on triage results, understanding of insider threats, and current events.
- Contribute to the development of processes and procedures within the CSSP to support improvement of the insider threat program.
- Use knowledge of business tools, processes, and prior incidents to make recommendations on potential future insider threat activity and areas of focus.
- Strong sense of ownership, urgency, and drive.
- Ability to influence others.
- Excellent written and oral communication skills with the ability to explain technically complex issues to a non-technical audience.
- Sharp analytical abilities with proven technical and creative skills.
Highly Desired Skills:
- Bachelor's degree from an accredited university
- Master's degree from an accredited university may reduce the years of experience required
- Minimum of one (1) year scripting or programming experience in PowerShell, Ruby, Python, Shell/BASH scripting, Java, C/C++, C#, Perl, PL/SQL, or other related languages in the last three (3) years
- Security related certifications such as OSCP, GIAC, GCIH, GCFA, GCIA, GPEN, GNFA, GCUX, CEH, Linux+, Security+.
- Knowledge of Data Science techniques such as anomaly detection and machine learning.
- Expert level understanding of insider threat analysis, user activity data, and analysis of host-based data.
- Experience with the modus operandi of foreign intelligence entities, international threat organizations, and associated Cyber capabilities and operations.
- Experience in support of DoD or IC Insider Threat programs and shall possess subject matter expertise with regards to Executive Order (E.O.) 13587, the DNI’s National Counterintelligence and Security Center Insider Threat Task Force Standards, and DoD regulations/guidance regarding Insider Threat.
- Experience working in a multi-tenant/service provider environment.
- Experience with DoD IA/CND certification and accreditation programs.
- DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
- DoD 8570 classification IAT-II & CSSP Analyst
- Minimum five (5) years of experience in one or more of the following: insider threat, counterintelligence, counterespionage, cybersecurity, criminal justice, incident response, application security, network security, security operations, security monitoring, or security-focused systems engineering.
- High school diploma or GED
- Authorized to view audit records on Central Log Server
Clearance Required: T5/SSBI Investigation
Benefits:
- Long Term Disability
- Basic Life Insurance
- Basic Accidental Death & Dismemberment Insurance
- Direct Payroll Deposit
- Leave Accrual
- Short Term Disability
- Additional (Voluntary) Life Insurance
- Additional (Voluntary) AD&D Insurance
- Medical Coverage
- Dental Coverage
- Vision Care Plan
- Flexible Spending Account Plan
- Online Training
- AFLAC Supplementary Insurances
Spinvi is an Equal Opportunity Employer. Spinvi does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.
Spinvi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Spinvi complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Spinvi expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Spinvi’s employees to perform their job duties may result in discipline up to and including discharge.