Position Title: Cyber Insider Threat Analyst
Location: Baltimore, MD
Hours: Normal business hours
Position Summary
Cybervance is a rapidly growing information security and information technology company in Washington, D.C. We are looking to hire a Cyber Insider Threat Analyst to work within a collaborative insider threat program. This long-term contract is based in Baltimore, MD. The position is full time/permanent and will support a U.S. Government civilian agency. This is a hybrid telework position. You are required to be on site on designated days.
Job Requirements
• U.S. Citizen with an active "Top Secret" level clearance and eligibility for SCI (SF-86 submission required).
• Experience working within a Security Operations Center (SOC).
• Experience conducting first triage actions with network intrusions.
• Experience with cyber threat hunting.
• Experience with open-source intelligence.
• Proficiency in writing and reviewing executive level technical reporting.
• Intel Analyst experience.
• Splunk experience.
• Experience with and knowledge of common SOC tools such as RSA Security Analytics and Akamai WAF.
• Experience performing analysis of log files to include individual host logs, network logs, and firewall logs.
• Experience with user behavior analytics tools.
• Experience running a counterintelligence investigation and the investigative process.
• Outstanding organizational and time management skills.
• Excellent customer relations skills.
• Excellent communications skills.
• Experience briefing stakeholders on investigative findings.
• Experience in data loss prevention.
• Working knowledge of common cyber threats such as ransomware, malware, DoS, man-in-the-middle, and phishing.
Certifications/Licenses
• Splunk Power User
• User Entity Behavior Analysis (UEBA) tools, i.e., GRA
• Counterintelligence and/or insider threat analyst certification(s) (e.g., Joint Counterintelligence Training Academy, Department of Defense Counterintelligence Courses, Carnegie Mellon University Insider Threat Programs).
• 4-year degree (information security is preferred, but not required), or equivalent experience.
Additional Experience Preferred
• Experience consulting with Office of Inspector General pertaining to investigative hand-offs.
• Experience consulting with local, state, or federal law enforcement pertaining to investigative hand-offs.
• Experience and understanding of legal requirements for the conduct of investigations and the handling of investigative materials.
• Experience with financial crimes investigations.
• Investigations.
• Open-Source Intelligence.
• Analysis.
• Evidence Handling.
• Report Writing.
• User Behavior Analytics.
• Case Management.
• Operational Management.
• Documentation Management.
• Project Management.
• ServiceNow experience.
Position Responsibilities
• Analysts will be trained in both Counterintelligence and Insider Threat procedures. This is a collaborative team.
• Gathering and analyzing network traffic information through User Behavior Analytics to identify anomalies or suspicious behaviors that indicate a potential insider threat concern.
• Assist with operational management of Counterintelligence team.
• Contribute to insider threat incident response and management reporting.
• Monitoring security events to identify potential insider threat issues and vulnerabilities.
• Conduct vulnerability and threat assessments.
• Analyzes and develops insider threat assessments and reports.
• Provides insider threat assessment briefings and updates for leadership, and other stakeholders as needed.
• Maintains, manages, and documents systems and/or tools used and the procedures for storing, managing, and sharing of insider threat information.
• Maintains constant communication with other operation teams for collaboration, process optimization, tools tuning, information sharing and insider threat response.
• Conducts classified and open-source review of information for potential insider threat issues.
• Identifying vulnerable processes and/or functional activities to aid in training and mitigation or management of risks.
• Publish annual / quarterly trends and analysis report.