Insider Threat Analyst III

Abacus Technology, Sumter, SC
Onsite

About The Position

Abacus Technology is seeking an Insider Threat Analyst to provide technical support for the AFCENT Network Operations and Security Center (NOSC) at Shaw AFB. This is a full-time position.

Requirements

  • 5+ years of experience in security.
  • Bachelor’s degree in a related field.
  • Additional years of experience may be substituted for degree requirements.
  • Must hold the ITIL v3 or v4 Foundations certification or be able to obtain the certification within 60 days of hire.
  • Must be detail oriented and possess the ability to work in a multi-disciplined environment with an adaptive personality.
  • Strong analytical and communication skills.
  • Must be a team player able to work professionally and collaboratively with the government customer and other contract members of the project team.
  • Must be able to provide support in a 24/7/365 environment including occasionally covering shifts outside of the assigned shift and/or providing after hours, weekend, or holiday support as needed on a rotational basis.
  • Must be able to travel to CONUS sites to provide TDY support.
  • Must be a US citizen and hold a current Secret clearance.
  • Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

Responsibilities

  • Work with the AFCENT Insider Threat working group to establish a mature Insider Threat management capability, capable of detecting and reporting Insider Threats to relevant parties including (but not limited to) Commanders, Law Enforcement, Mental Health, Cybersecurity, Counter-Intelligence, Security, Civilian and Military personnel management, and Legal.
  • Support the AFCENT Insider Threat office and Office of Special Investigations (OSI) in their execution of the Command Insider Threat program.
  • Conduct Insider Threat Operations by leveraging available host, network, intelligence, and dynamic data acquisition technologies in order to identify, characterize, and counter Insider Threats.
  • Employ User Activity Monitoring (UAM) capabilities to detect anomalous insider activity.
  • Conduct auditing and data collection in support of Insider Threat cases and investigations.
  • Provide on-site support and on-call response to operate, maintain, and audit UAM tools for all network locations provided by the Authorizing Official (AO).
  • Perform analysis of findings developed by OSI and supporting organizations during insider threat operations.
  • Develop metrics and trends to identify internal cyber threat actors attempting to commit espionage or attempting to compromise IS located at all network locations under the AO's responsibility.
  • Conduct tuning of UAM tools IAW DoD, OSD, and Air Force guidance.
  • Work with Cybersecurity Engineering personnel on O&M of UAM tools.
  • Provide relevant data and briefing support to the Command Insider Threat office.
  • Participate in and provide support to the AFCENT Insider Threat working group.
  • Work with the AFCENT Insider Threat Working Group to identify thresholds and create Insider Threat triggers.