Counter Insider Threat Analyst at Mobius

Come join our team! Mobius is seeking a Counter Insider Threat Analyst to  manage the full range of insider threat identification, investigation, mitigation, and closure for a mid-sized Defense Agency (10,000+ personnel) with support and assistance from national and intra-organizational partners. Staff experienced in risk management will support the execution and refinement of processes, procedures, and analysis of data feeds to identify indicators of potential insider threats. Personnel triage and prioritize potential insider threats via a case management process, and work with Government and contractor colleagues to implement appropriate risk mitigations.

Duties of a Counter Insider Threat Analyst may include: 

• Support execution of the MDA Insider Threat Program IAW DoD Directive 5205.16, MDA Directive 5205.07, Presidential Memorandum, “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Program,” other issuances, and SOPs.
• Assist in the horizontal review and analysis of data feeds from various MDA components, and outside sources to identify potential insider threat behaviors and indicators, and report those finding to the Insider Threat Program Manager.
• Provide interdisciplinary subject matter expertise including, but not limited to investigations, security, counterintelligence, cybersecurity, data analytics, and psychology, to aid in the identification of insiders who may present a risk to the Agency and its mission.
• Assist the Government in developing, maintaining, and evolving an automated capability to data mine and analyze large volumes of data to identify potential insider threat behaviors, indicators or concerns.
• Assist the Government in inter- and intra-organizational communication and coordination with the Defense Insider Threat Management and Analysis Center (DITMAC); Office of the Under Secretary of Defense for Intelligence, National Insider Threat Task Force; and, MDA organizations executing Human Resources, Legal, Security, Counterintelligence, CIO, Internal Review and Equal Employment Opportunity functions.
• Develop and maintain an insider threat triggers and behavioral indicators list to facilitate timely analysis of data feeds. Submit recommended insider threat triggers and behavioral indicators to the Insider Threat Program Manager (ITPM) for review and approval. Deliver updates to the list quarterly.
• Gather, integrate, review, analyze, and respond to information derived from CI, Security, CIO, HR, Law Enforcement, User Activity Monitoring, and other information sources to identify potential insider threat concerns. Data shall require daily analysis to detect behavioral changes indicative of potential insider threats. Data will be available either in manual or electronic format. Develop and deliver Anomalous Activity Reports to the ITPM when the analysis of collected information identifies a potential insider threat. Contractor shall submit draft format for review and approval by the Government. Deliver updates to this report weekly.
• Prepare an annual Counter-Insider Threat self-assessment reports and information papers, including recommendations to mitigate threats to potential insider threat concerns; prepare and maintain insider threat reports, case files, and database entries.
• Update and maintain the MDA Insider Threat SharePoint Portal located on MDA Knowledge Online (MKO).
• Assist in developing and presenting Insider Threat awareness products.
• Assist in the development and execution of bi-weekly Insider Threat Case Management Council meetings. This includes development of agendas, securing meeting logistics, generation of PowerPoint slides and assisting with the assignment, tracking, execution and validation of assigned action items.
• Manage a dedicated isolated network (ISOLAN) for the insider threat program. This will include network maintenance, data migration, data archiving.

Qualifications

• 5 years of relevant experience in Counter-Insider Cyber Threat
• One or more of the following certifications is preferred: CompTIA Net+, CompTIA A+, CompTIA Security +, CPTE Certified Penetration Testing Engineer or CEH, CISSP
• Experience with Splunk preferred.
• Expert proficiency with security monitoring tools, SIEM software desired
• Must have, or be able to obtain, CCITP-F and CCITP-A certification within six months of hire

Education

• BA/BS in related field

Clearance

• TS with SCI eligibility and CI Poly required