|Cyber Security Threat Analysts shall conduct technical analyses of user activity data and alerts to identify indicators of insider threats. In addition to producing investigative leads, analysts are expected to review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations. Analysts shall compile results of analyses into reports or analytical products that are concise, accurate, and timely and be capable of presenting the results to team members and management as required.
When supporting a customer inquiry, ask appropriate questions to understand the full scope of the request and conduct analysis with full diligence and discretion.
Produce reports of analysis results for distribution to appropriate insider threat stakeholders.
Work with team members to refine alerts based on triage results and current events.
Contribute to the development of processes and procedures within the CSSP to support improvement of the insider threat program.
Use knowledge of business tools, process, and prior incidents to make recommendations on future Insider Threat activities and areas of focus.
5 years’ experience with a minimum of 2 years in one or more of the following: insider threat, counterintelligence, counterespionage, cyber security, criminal justice, incident response, application security, network security, security operations, security monitoring, or security focused system’s engineering.
Minimum of one year scripting or programming experience in PowerShell, Ruby, Python, Shell/BASH scripting, Java, C/C++, C#, Perl, PL/SQL, or other related languages.
BS degree in Computer Science, MIS, Computer Engineering, Electrical Engineering, or equivalent work experience (work experience may be substituted for formal education).
Knowledge of Data Science techniques such as anomaly detection and machine learning.
Expert level understanding of insider threat analysis, user activity data, and analysis of host-based data.
Experience with the modus operandi of foreign intelligence entities, international threat organizations, and associated Cyber capabilities and operations.
Experience in support of DoD or IC Insider Threat programs and shall possess subject matter expertise with regards to Executive Order (E.O.) 13587, the DNI’s National Counterintelligence and Security Center Insider Threat Task Force Standards, and DoD regulations/guidance regarding Insider Threat.
Experience working in a multi-tenant/service provider environment.
Experience with DoD IA/CND certification and accreditation programs.
KSH Solutions, Inc. – North Charleston, SC