Senior Insider Threat Analyst with Security Clearance

Baltimore, Maryland

IT Concepts Inc
Job Expired
Description

Founded in 2003, IT Concepts' core values - customer-centricity, teamwork, driven to deliver, innovation, and integrity - ensure we work together to be the best, realize objectives, and make a positive impact in our communities. We intentionally created and sustain our ITC culture that embraces change, experimentation, continuous learning, and improvement. We bring our design thinking problem-solving approach that challenges assumptions, prioritizes curiosity, and invites complexity to deliver innovative, efficient, and effective solutions. As we continue to grow in support of our government customers, we are looking for driven and innovative individuals to join our team.

IT Concepts is seeking a highly skilled and experienced Senior Insider Threat Analyst to join our team supporting our Federal client, the Social Security Administration (SSA). The ideal candidate will have a strong background and expertise in insider threat and will take an agile approach to providing strategic planning support, iterative program improvements, Operations & Maintenance (O&M), and overall programmatic support services for the Office of Information Security (OIS) and its Insider Threat Program Management Office (PMO). The candidate will collaborate with stakeholders to prioritize data sources for onboarding into risk models and gather requirements for dashboards that provide a holistic view of operations. Services include supporting and advising the OIS insider threat PMO in the ongoing development of insider threat products and program roadmap(s), using analytical methods to understand insider risk patterns and establish models for forecasting insider risk scenarios, and implementing, executing, and maintaining the activities needed to support an OIS-wide counter-insider threat program.
The candidate will provide the following services to support and maintain an agency-wide plan and program for insider threat awareness, response consultation, policy enhancement, continuous monitoring, and reporting requirements. During execution of their duties the candidate may be required to deliver and receive sensitive briefings within SSA secured spaces such as the SCIF at SSA or an approved alternate secured location.

Responsibilities

- Support Insider Threat policy and procedure updates for agency, interagency, or federal intelligence community-wide support, focusing on standardization of referral language/templates, triage and escalation, and case management.
- Assist with the development and implementation of new insider threat alerts to drive operational maturity and enhance detection and mitigation of events and/or incidents indicative of an insider threat.
- Provide technical expertise in cyber and insider adversary capabilities and assess the intentions of adversary groups to conduct computer network exploitation and computer network attack against U.S. private sector and government networks and information systems.
- Develop methods and procedures to extract data from existing SSA IT systems that may identify potential insider threats.
- Identify vulnerabilities in SSA IT assets that are susceptible to being used by insider threats.
- Provide recommendations on new or amended technical indicators for implementation in insider threat detection systems (SIEM, UBA, UAM, etc.) in accordance with approved SSA policies and procedures.
- Identify, prioritize, and implement new potential risk indicators (PRIs) in DLP, SIEM, and UBA tooling.
- Collaborate with the insider threat team on the enhancement of enterprise-level Standard Operating Procedures for automation and orchestration.
- Provide cyber intelligence support, whether as a function alongside other OIS intelligence partners such as the supply chain and cyber threat analysis units, as an analytical function in collaboration with the SOC, or both.
- Oversee and initiate reach-back support to other federal government insider threat programs to enhance information sharing and collaboration.
- Assist in the development of counterintelligence/foreign-nexus efforts, including but not limited to tailored alerts and policies and the drafting of reports.
- Conduct analysis of over 4,000 alerts a month across DLP, UBA, and SIEM.
- Review and disseminate information from cyber news feeds, incident reports, threat briefs, and vulnerability alerts from the intelligence community, law enforcement agencies, and other external sources to determine its applicability and impact to the SSA environment.
- Develop and test new trigger policies within tight timelines to meet emerging security challenges.
- Provide monitoring, analysis, and reporting on unclassified cyber activity, trends, and incidents that may rise to the level of threats to the confidentiality, integrity, and availability of the SSA network, and that could pose a national security risk beyond SSA to the entire Federal Government enterprise.
- Use findings from risk assessments and trend analysis of network alerts from various sources within the enterprise to determine the possible causes of those alerts, and use that analysis to assist in developing mitigation and remediation controls.
- Prepare and present finalized, professional briefings and comprehensive reports on insider threat cases referred to the Insider Threat Program Manager in the Office of Security and Emergency Preparedness (OSEP) and the Chief Forensic Investigator in the Office of the Inspector General (OIG), in accordance with the formats established in the OIS Insider Threat SOPs and agency writing guides.
- Collaborate with key stakeholders such as OSEP, UBA, and DLP to identify gaps, areas of growth, and strategic initiatives that further enhance insider threat detection.
- Monitor external data sources (e.g., cyber intelligence vendor sites, NITTF, CISA, ODNI, NCSC) and use trend analysis and reporting to interpret the relevance and significance of information concerning active and potential insider-related threats. Analyze that information to determine which security issues may affect the agency, and submit the analysis as written reports with text, charts, and spreadsheets when requested by the PMO for inclusion in the Insider Threat Work Status Reports.

Administrative Responsibilities:

- Conduct a kickoff meeting to establish program requirements, performance expectations, and logistics for all tasks, including the work order work plan.
- Conduct weekly status meetings (including executive briefings) as scheduled by the SSA Task Manager, and deliver meeting minutes to the SSA Task Manager following the initial kickoff meeting and each weekly status meeting.
- Provide weekly status reports of activities conducted, the number of incidents reviewed by type, and any recommendations for additional alerts, rules, or configurations in the SSA cyber tools used in the performance of this contract.
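As an added illustration of the PRI-onboarding and alert-triage responsibilities listed above, and not code from SSA, OIS or IT Concepts: the following Python scores constructed DLP, UBA and SIEM alerts against a hypothetical set of potential risk indicators, applies size thresholds so noisy alerts do not count, adds a bonus when PRIs co-occur in a stage-then-exfiltrate pattern, and produces a prioritized referral queue. Every alert record, indicator name, weight, threshold and lookback window below is an assumption made for illustration.

```python
"""Added example (not SSA, OIS or IT Concepts code): scoring potential risk
indicators (PRIs) across DLP, UBA and SIEM alerts to triage users for review.
All alert records, PRI names, weights and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts as the three tools might emit them after normalization.
SAMPLE_ALERTS = [
    {"src": "DLP",  "user": "jdoe",   "ts": "2024-05-13T22:10:00", "ind": "pii_to_personal_email", "count": 3},
    {"src": "UBA",  "user": "jdoe",   "ts": "2024-05-13T22:05:00", "ind": "off_hours_login"},
    {"src": "SIEM", "user": "jdoe",   "ts": "2024-05-13T22:20:00", "ind": "usb_mass_storage_write", "bytes": 4_200_000_000},
    {"src": "UBA",  "user": "jdoe",   "ts": "2024-05-12T09:00:00", "ind": "bulk_file_access", "files": 1800},
    {"src": "UBA",  "user": "asmith", "ts": "2024-05-13T05:30:00", "ind": "off_hours_login"},
    {"src": "SIEM", "user": "asmith", "ts": "2024-05-13T09:00:00", "ind": "usb_mass_storage_write", "bytes": 50_000},
    {"src": "DLP",  "user": "bwong",  "ts": "2024-04-01T10:00:00", "ind": "pii_to_personal_email", "count": 1},
]

# Hypothetical PRI weights; a real program tunes these against adjudicated cases.
# Each PRI counts once per user per window, so alert volume alone cannot inflate a score.
PRI_WEIGHTS = {
    "pii_to_personal_email": 40,
    "usb_mass_storage_write": 30,
    "bulk_file_access": 20,
    "off_hours_login": 10,
}

# Gating thresholds: small USB writes and modest file access are routine noise.
MIN_USB_BYTES = 100_000_000
MIN_BULK_FILES = 500

# PRIs that together suggest staging followed by removal earn a bonus (assumed values).
CORRELATION_BONUS = ({"bulk_file_access", "usb_mass_storage_write"}, 25)


def qualifies(alert):
    """True if a raw alert clears the threshold to count as a PRI hit."""
    ind = alert["ind"]
    if ind == "usb_mass_storage_write":
        return alert.get("bytes", 0) >= MIN_USB_BYTES
    if ind == "bulk_file_access":
        return alert.get("files", 0) >= MIN_BULK_FILES
    return ind in PRI_WEIGHTS


def score_users(alerts, now_iso, window_days=7):
    """Return {user: (score, sorted PRI names)} for alerts inside the lookback window."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    hits = defaultdict(set)
    for a in alerts:
        if datetime.fromisoformat(a["ts"]) < cutoff or not qualifies(a):
            continue
        hits[a["user"]].add(a["ind"])
    result = {}
    for user, inds in hits.items():
        score = sum(PRI_WEIGHTS[i] for i in inds)
        combo, bonus = CORRELATION_BONUS
        if combo <= inds:  # all PRIs of the pattern are present
            score += bonus
        result[user] = (score, sorted(inds))
    return result


def triage(alerts, now_iso, threshold=50, window_days=7):
    """Users at or above the threshold, highest score first: the referral queue."""
    scored = score_users(alerts, now_iso, window_days)
    queue = [(u, s, p) for u, (s, p) in scored.items() if s >= threshold]
    return sorted(queue, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for user, score, pris in triage(SAMPLE_ALERTS, "2024-05-14T00:00:00"):
        print(f"{user}: {score} {pris}")
```

On the constructed data only jdoe reaches the queue: four distinct PRIs plus the staging-then-USB bonus. asmith's USB write falls under the byte threshold and scores only the off-hours login, and bwong's DLP hit is dropped purely because it predates the window, which is the sort of parameter a triage SOP should state explicitly rather than leave buried in tooling.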
The candidate will also provide updates to the SSA Task Manager regarding contract personnel status and any actions that would adversely affect completion of the tasks outlined in this statement of work.

Requirements

Qualifications:

- Bachelor's degree in Computer Science, Information Technology, or a related field; Master's degree preferred.
- 5+ years of experience in Information Security.
- 3+ years of experience in cybersecurity and/or insider threat incident response, which must include: experience with data loss/information protection solutions (Splunk, Microsoft O365, etc.); identification of potential insider threat tools, tactics, and procedures (TTPs); and security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.
- 3+ years of experience using tools such as Splunk and CrowdStrike, including extracting data from these systems to detect potential data leaks and prepare assessments.
- Excellent analytical, problem-solving, and presentation skills.
- Effective communication and interpersonal skills, with the ability to interact with stakeholders at all levels.
- Must be a US Citizen.

Benefits

The Company

We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let's solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork, dedication, and excellence. We hold three ISO certifications (27001:2013, 20000-1:2011, 9001:2015) and two CMMI ML 3 ratings (DEV and SVC).
Industry Recognition

Growth: Inc 5000's Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C.

Culture: Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner - Mid-Size Companies, Companies Owned by People of Color; Department of Labor's HIRE Vets Medallion for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation Corporate Breath Award
Date Posted: 18 May 2024