Insider Threat Engineer

Key Required Skills:
Technical Engineering and Automation, Cyber Threat Detection & Analysis, Policy, SOP Development & Reporting

Position Description:

Technical Engineering and Automation

• Engineer, implement, and maintain User Activity Monitoring (UAM) solutions, ensuring continuous visibility into user behavior and privileged activity.
• Build and maintain Splunk dashboards to visualize UAM data, insider threat indicators, and program metrics.
• Automate repetitive tasks and data pipelines using Ansible, Python, or JSON to enhance detection, alerting, and reporting efficiency.
• Support integration of UAM with other enterprise cybersecurity tools and platforms (e.g., SIEM, DLP, EDR, SOAR).
• Collaborate with the SOC, forensic analysts, and cyber threat intel units to enrich UAM data with contextual intelligence.

• Cyber Threat Detection & Analysis

  • Develop and refine methods to extract, analyze, and correlate data from SSA IT systems to proactively detect potential insider threats.
  • Monitor and analyze trends in cyber activity and anomalous behavior to assess risks to SSA's confidentiality, availability, and integrity.
  • Leverage feeds, incident reports, and threat briefs to assess relevance to SSA's environment and enhance the program's threat modeling capability.
  • Collaborate with internal partners such as the cyber threat intelligence, supply chain risk, and forensic investigation teams to share findings and develop holistic mitigations.

• Policy, SOP Development & Reporting

  • Assist with the enhancement and documentation of enterprise-wide Standard Operating Procedures (SOPs) related to Insider Threat use cases and detection logic.
  • Prepare and present insider threat briefings to program leadership and executives, following agency writing and presentation standards.
  Contribute to Insider Threat Work Status Reports with detailed analytics, visuals (charts/dashboards), and recommendations.

Skills Requirements:

FOUNDATION FOR SUCCESS (Basic Qualifications)

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Proven experience in cybersecurity, insider threat analysis, or a related area.
• Demonstrated experience deploying and managing User Activity Monitoring (UAM) solutions in production.
• Proficiency in Splunk including dashboard development, data ingestion, and search optimization.
• Hands-on skills with Ansible, Python, and JSON for automation and data parsing.
• Solid understanding of networking and firewall fundamentals, including how monitoring tools interact across segmented architectures.
• Familiarity with Palo Alto Networks firewalls and their logging capabilities (useful for correlating user activity across layers).
• Strong analytical and problem-solving skills; ability to make data-driven recommendations.
• Excellent written and verbal communication skills, particularly in conveying technical insights to leadership.
• Must be able to obtain and maintain a Public Trust. Contract requirement.

*** Selected candidate must be willing to work on-site in Woodlawn, MD 5 days a week.

FACTORS TO HELP YOU SHINE (Required Skills) These skills will help you succeed in this position:

• Demonstrated experience deploying and managing User Activity Monitoring (UAM) solutions in production.
• Ability to make decisions based upon analysis of documentation.
• Experience with endpoint monitoring tools, SIEM/SOAR integrations, and identity-based risk scoring.
• Working knowledge of DLP, EDR, or behavioral analytics platforms in support of insider threat detection.
• Experience working in a classified environment and delivering briefings in SCIF settings.
• Understanding of NIST 800-53 and related to Insider Threat Programs.

HOW TO STAND OUT FROM THE CROWD (Desired Skills) Showcase your knowledge of modern development through the following experience or skills:

• Experience with federal regulatory requirements and compliance standards related to cybersecurity.
• Knowledge of programing, Splunk automation, network and firewall operations.
• Familiarity with security tools and technologies used for threat detection and analysis.
• Security certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are a plus.

Education:

• Bachelor's degree with 7+ years of experience

Must be able to obtain and maintain a Public Trust. Contract requirement.