Insider Threat Analyst

TS/SCI, CISSP
Full Time
BASED ON EXPERIENCE

Job Description

DSA recognizes that the global spread of COVID-19 is a challenging time for everyone. Our #1 priority is the health and safety of our workforce, guests and candidates, and we provide the necessary supplies to maintain safety in the workplace. Due to the current situation surrounding COVID-19, our response time and scheduling of interviews may increase. DSA is looking to fill various positions despite COVID-19 and is managing our workforce in compliance with all state requirements.

Data Systems Analysts, Inc. is searching for an Insider Threat Analyst to support the Navy Insider Threat Program Organization in Suitland, MD. Successful candidates should have experience providing analytical, technical and programmatic support to include the following:

  • Collect, and subsequently conduct, analysis of information received from deployed agents on the Insight Anomaly Detection System (IADS)
  • Assist in the development and management of Insider Threat Detection Programs
  • Perform one or more of the following: IA, cyber threat analysis, incident response, intrusion detection, network/computer forensics, data loss prevention technologies, enterprise audit analysis, and/or automated Audit/Anomaly Threat Detection technology
  • Conduct information technology audits, incident responses, and/or network monitoring at the Enterprise level, to include the use of security tools to conduct such work
  • Assist in the development and implementation of cyber, IA, security, and insider threat collection, analysis, and production tradecraft
  • Assist in the integration and analysis of multiple relevant security data sources
  • Assist in generating analysis reports and briefing other team members and/or senior management on the analytical findings
  • Utilize excellent writing skills for the development of Tactics, Techniques, and Procedures (TTP) and supporting documentation
  • Use their knowledge of and experience in the use of security information and event management tools (e.g., Client ArcSight and McAfee ePO Host Based Security System, etc.)
  • Conduct security audit scans on the software and hardware in performance of assigned duties.
  • Serve as a member of a Government-led Insider Threat Fusion Cell Analysis Team, with a focus on Information Assurance (IA)/Computer Network Defense (CND) and Security
  • Fulfill the requirements of the DoD 8570.01-M, IA Workforce Improvement Program
  • Provide training on use of the Government Audit/Anomaly Threat Detection technology
  • Receive automated user activity monitoring/audit data and alerts from sensors deployed on Navy's classified and unclassified SCI networks and conduct initial analysis response and feedback of audit data collected to detect cyber and insider threats
  • Provide to the Government, in the form of tracking metrics captured on a daily, weekly, and monthly basis: Event alert types; Number of automated audit event alerts received from deployed sensors; Number of false positive audit event alerts received from deployed sensors; The false positive to audit event alert ratio based on events received from deployed sensors; Number of events reviewed per analyst; Number of inquiries, based on events received, forwarded to IA staff for review; Number of inquiries, based on events received, forwarded to CI entities for review
  • Perform analyses of audit data and alerts to identify anomalous/suspicious activity, possible policy or security violations and the individuals responsible, other network or systemic risks presenting an avoidable opportunity for a malicious insider to exploit, and potential insider threats. When needed, shall document and forward findings to the Government Reviewer for further action and provide final analysis and assessment results to the Government and assist the Government in resolving identified discrepancies.
  • Coordinate with applicable points of contact from Personnel Security, CI, LE, IA, Inspector General (IG), Human Resources (HR), and other necessary Mission Business Owners (MBO) to resolve audit alerts as required by documented standard operating procedures for monitoring, detection, response, and reporting activities
  • Collaborate with Government pillar leads of IA, Security, and CI/LE to develop dashboards, filters, and audit policy triggers for audit capabilities and assist in regular trigger refinement based on the analysis of evolving anomaly event activities across the Navy SCI and SIPR network.
  • Support Government Team Leads by engaging with other organizational elements (e.g., CI, Security, CND, IA, etc.) to remain aware of known Advanced Persistent Threats (APT), evolution of cyber security and insider threat technology and methodology, and other related focus areas that could impact operational mission objectives.
  • Work with other team members and departments of the organization to conduct security scans, implement Standard Technical Installation Guides (STIGs), and use manual test procedures to test and document results pertaining to the security posture of the system for ATO efforts.
  • Evaluate existing system policies, modify policies to achieve program objectives, and/or develop new policies.
  • Capture, document, develop and provide a Lessons Learned document for the program. The document, at a minimum, shall include: Technical/programmatic gaps and successes and failures identified in the pilot, and recommended solutions, to include cost estimates for technical and Client resources, addressing items identified in the pilot and identifying a path forward to establish Initial Operating Capabilities (IOC) and potential deployment across the Naval Intelligence Enterprise
  • Assist in development of business processes and workflows (technical or functional), SOPs, and documentation
  • Assist in development of: Supporting concepts of operations; Response and reporting processes and procedures for status (non-critical) and referral (critical) events with appropriate authorities (e.g., Security, IA, CI/LE, IG, HR, etc.)
  • Employ current best practices and state-of-the-art cyber, IA, security, and insider threat TTP.
  • Serve as a subject matter expert, participating in meetings, working groups, system demonstrations, and conferences as needed
  • Provide briefings and presentation materials, conference or meeting materials, technical memoranda, and administrative reports in support of this Task Order.
  • Provide the Government with a copy of all documentation developed in support of the Task Order
  • Conduct the required support and respond to tasks within an amount of time agreed upon by the contractor and the Government Lead
  • Work with multiple organizations within the Navy responsible for systems control, integration, testing, security, and maintenance, as well as appropriate privacy and legal authorities and external partners
  • Provide a weekly status report to the Government Team Leads, which shall, at a minimum, include: Work performed during the week, including accomplishments; Plan for work to be performed during the following week; Identification and discussion of any risks or issues pertaining to assigned tasks and their associated deliverable target dates; The report shall be provided in the standard format provided by the Government

Required Experience and/or Certifications
  • Possess a Certified Information Systems Security Professional (CISSP) certification and/or a Security+ certification
  • Possess or shall obtain within six (6) months, certifications demonstrating mastery of Information Assurance Technical (IAT) and/or Information Assurance Management (IAM) Level III, as well as Computer Environment (CE) knowledge and skills at no cost to the government.
  • Active Top Secret security clearance with SCI Eligibility

MUST HAVE AN ACTIVE DOD CLEARANCE; this will be verified prior to interview. Therefore, can be considered for this position.

Founded in 1963, Data Systems Analysts, Inc. (DSA) has been providing Defense and Federal Government customers business-driven Information Technology and consulting solutions and services for more than 50 years. DSA's people excel in helping our customers achieve sensitive, mission-critical business goals and objectives. DSA is a 100 percent employee-owned company: every employee has a stake in the success of our company and our customers. Our culture embraces training and development opportunities that include leadership programs, employee networks, continued education, and much more. We recognize that building expertise in your profession benefits everyone, and our leadership training programs help employees better manage their projects, inspire coworkers and customers to action, and reinforce DSA's guiding principles since 1963.
We also value the unique combination of skills, abilities, aspirations, and backgrounds of every individual; our diversity makes us stronger. We are 100 percent employee-owned through an Employee Stock Ownership Plan (ESOP). DSA employees receive customizable benefits that are highly competitive in each local market that include a Vanguard 401K.
DSA provides equal employment opportunity for employees and applicants without regard to an individual's protected status; race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/parental status, pregnancy/childbirth or related condition, religion, creed, age, disability, genetic information, veteran status, or any other protected status.

DSA will provide necessary reasonable accommodation to ensure that an individual with a disability who is not able to fully utilize DSA's online job application system is provided with equal opportunity to apply and be considered for all jobs. If you need an accommodation to complete the application process, please email HR@dsainc.com or call

Dice Id : 10119839
Position Id : 20-00265
Originally Posted : 3 months ago