Insider Threat Lead

About the position

The Insider Threat Lead at Tyto Athene is responsible for leading a team that analyzes and investigates high-priority insider threat incidents. This role involves conducting comprehensive all-source analysis to support the insider threat mission, triaging anomalous event data, and producing analytic products to evaluate insider threat risks. The position requires strong analytical skills, effective communication, and the ability to mentor junior analysts.

Responsibilities

• Lead a team performing in-depth analysis and investigation of high-priority insider threat incidents
• Conduct comprehensive all-source analysis in support of the insider threat mission
• Triage anomalous event data
• Access network monitoring, data analytics, and other tools; integrate available information, decipher underlying trends and anomalies; and discern obscure patterns found in the datasets
• Produce all source analytic products in support of the insider threat mission
• Aggregate, analyze, and evaluate available program data sources to evaluate insider threat risk
• Extract and organize data to build metrics, reports, case studies, and trend reports
• Conduct risk assessments and present findings to a variety of audiences, including very senior decision-makers, written and oral presentations
• Conduct research to support ongoing analytic efforts
• Prepare and produce situational awareness and warning reports related to insider threat
• Assist in the preparation and production of analytical reports identifying areas for efficiencies in the production process
• Provide editing and quality control of program products
• Review insider threat information in support of meeting program mission requirements and timelines
• Provide recommendations to contractor and government leadership on ways to improve the insider threat program
• Provide guidance and mentorship to junior insider threat analysts to enhance their skills and capabilities

Requirements

• Bachelor's degree in computer science, Information Technology, or related field and 10 years of relevant experience or a Master's degree and 6 years
• Strong natural aptitude for analytical problem-solving
• Thorough understanding of insider threat program missions
• Basic familiarity with risk-scoring concepts and some exposure to data analytics tools/programs
• Knowledge of User Activity Monitoring (UAM) or User and Entity Behavior Analytics (UEBA) tools
• SIEM Operation
• Understanding of how exploits work and appear within network traffic
• Intrusion detection technology
• Awareness and understanding of popular attack tools and malware
• Ability to communicate effectively the actual status of an insider threat incident, attack, or other issue
• Awareness of tradecraft used by nation state APT actors
• Extremely motivated self-starter with strong written and verbal communication skills, and the ability to create technical reports on analytic findings
• Ability to exercise discretion and confidentiality while performing in highly sensitive roles and missions
• Ability to learn rapidly and begin contributing positively within a cohesive team environment

Nice-to-haves

• Previous experience working as an insider threat analyst
• Experience with operational security, including security operations center (SOC), incident response, threat hunting, digital forensics, and malware analysis
• Knowledge of TCP/IP networking, operating systems, and cybersecurity technologies

Benefits

• Opportunities for career growth and development
• Innovative and teamwork-oriented work environment