ECS is seeking a Cyber Security Lead Analyst to work in our Adelphi, MD office. Please Note: This position is contingent upon contract award.
The Cyber Insider Threat Analyst shall conduct technical analyses of user activity data and alerts to identify indicators of insider threats. In addition to producing investigative leads, analysts are expected to review data pursuant to directed requests in support of civil, workplace, counterintelligence, or law enforcement inquiries/investigations. Analysts shall compile results of analyses into reports or analytical products that are concise, accurate, and timely and be capable of presenting the results to team members and management as required.
- Triage insider threat alerts by correlating insider threat data with other data sources to determine potential indications of malicious or risky insider activity.
- When supporting a customer inquiry, ask appropriate questions to understand the full scope of the request and conduct analysis with full diligence and discretion.
- Produce reports of analysis results for distribution to appropriate insider threat stakeholders.
- Work with team members to refine alerts based on triage results and current events.
- Contribute to the development of processes and procedures within the CSSP to support improvement of the insider threat program.
- Use knowledge of business tools, process, and prior incidents to make recommendations on future Insider Threat activities and areas of focus.
- Active TS/SCI Clearance
- Master's degree with 6-8 years of experience
- or a Bachelor's degree with 8-10 years of experience in the subject or area related to information technology or computer science
- DoD 8570 IAT II Certifications
- Knowledge of CJCSM 6510.01B
- Experience with Digital Forensics
- Expert knowledge of Incident Response Procedures and Packet Analysis
- Extensive knowledge of IDS/IPS solutions
- Extensive familiarity with various Host-Based Tools
- Experience with Log Aggregation Tools.
- 5 years' experience with a minimum of 2 years in one or more of the following: insider threat, counterintelligence, counterespionage, cyber security, criminal justice, incident response, application security, network security, security operations, security monitoring, or security-focused systems engineering.
- Minimum of one year scripting or programming experience in PowerShell, Ruby, Python, Shell/BASH scripting, Java, C/C++, C#, Perl, PL/SQL, or other related languages.
- Experience with policy and oversight activities at the program or agency level
- Knowledge of Data Science techniques such as anomaly detection and machine learning.
- Hands-on experience with Counter Intelligence and/or user activity monitoring with insider threat program experience.
- Experience with the modus operandi of foreign intelligence entities, international threat organizations, and associated Cyber capabilities and operations.
- Experience in support of DoD or IC Insider Threat programs and shall possess subject matter expertise with regards to Executive Order (E.O.) 13587, the DNI's National Counterintelligence and Security Center Insider Threat Task Force Standards, and DoD regulations/guidance regarding Insider Threat.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.