Job Description
The purpose of this requirement is to study, analyze, advise, research and develop deliverables to advance the detection, deterrence and mitigation of insider threat activity in the Department of the Navy (DoN), while safeguarding National Security, service information and data on both Navy and civilian contractor’s information systems through the application of knowledge and resources in achieving the Navy’s mission requirements defined herein.
The focus of the services required under this task order is divided into two types: Executive Level including short-term projects, special studies, strategic analyses support, and high-level briefings; and Basic Level including analytical, technical, financial management support, programmatic support, data collection, policy review, process research and adhoc task as applicable
- Collect, and subsequently conduct, analysis of information received from deployed agents on the Insight Anomaly Detection System (IADS).
- Assist in the development and management of Insider Threat Detection Programs.
- Perform one or more of the following areas: IA, cyber threat analysis, incident response, intrusion detection, network/computer forensics, data loss prevention technologies, enterprise audit analysis, and/or automated Audit/Anomaly Threat Detection technology.
- Conduct information technology audits, incident responses, and/or network monitoring at the Enterprise level, to include the use of security tools to conduct such work.
- Assist in the development and implementation of cyber, IA, security, and insider threat collection, analysis, and production tradecraft.
- Assist in the integration and analysis of multiple relevant security data sources.
- Assist in generating analysis reports and briefing other team members and/or senior management on the analytical findings.
- Utilize writing skills for the development of Tactics, Techniques, and Procedures (TTP) and supporting documentation.
- Use their knowledge of and experience in the use of security information and event management tools (e.g., HP ArcSight and McAfee ePO Host Based Security System, etc.)
- Conduct security audit scans on the software and hardware in performance of assigned duties.
- Serve as a member of a Government-led Insider Threat – Fusion Cell Analysis Team, with a focus on Information Assurance (IA)/Computer Network Defense (CND) and Security.
- Fulfill the requirements of the DoDD 8570.01-M, IA Workforce Improvement Program.
- Provide training on use of the Government Audit/Anomaly Threat Detection technology.
- Receive automated user activity monitoring/audit data and alerts from sensors deployed on Navy’s classified and unclassified SCI networks and conduct initial analysis response and feedback of audit data collected to detect cyber and insider threats.
- Provide to the Government, in the form of tracking metrics captured on a daily, weekly, and monthly basis: Event alert types; Number of automated audit event alerts received from deployed sensors; Number of false positive audit event alerts received from deployed sensors; The false positive to audit event alert ratio based on events received from deployed sensors; Number of events reviewed per analyst; Number of inquiries, based on events received, forwarded to IA staff for review; Number of inquiries, based on events received, forwarded to CI entities for review
- Perform analyses of audit data and alerts to identify anomalous/suspicious activity, possible policy or security violations and the individuals responsible, other network or systemic risks presenting an avoidable opportunity for a malicious insider to exploit, and potential insider threats. When needed, the contractor shall document and forward findings to the Government Reviewer for further action. The contractor shall provide final analysis and assessment results to the Government and assist the Government in resolving identified discrepancies.
- Coordinate with applicable points of contact from Personnel Security, CI, LE, IA, Inspector General (IG), Human Resources (HR), and other necessary Mission Business Owners (MBO) to resolve audit alerts as required by documented standard operating procedures for monitoring, detection, response, and reporting activities.
- Collaborate with pillar leads of IA, Security, and CI/LE to develop dashboards, filters, and audit policy triggers for audit capabilities and assist in regular trigger refinement based on the analysis of evolving anomaly event activities across the Navy SCI and SIPR network.
- Support Government Team Leads by engaging with other organizational elements (e.g., CI, Security, CND, IA, etc.) to remain aware of known Advanced Persistent Threats (APT), evolution of cyber security and insider threat technology and methodology, and other related focus areas that could impact operational mission objectives.
- Work with other team members and departments of the organization to conduct security scans, implement Standard Technical Installation Guides (STIG’s), Manual test procedures to test, document result pertaining to the security posture of the system for ATO efforts.
- Evaluate existing system policies, modify policies to achieve program objectives, and/or develop new policies.
- Capture, document, develop and provide a Lessons Learned document for the program. The document, at a minimum, shall include: Technical/programmatic gaps and successes and failures identified in the pilot, and recommended solutions, to include cost estimates for technical and manpower resources, addressing items identified in the pilot and identifying a path forward to establish Initial Operating Capabilities (IOC) and potential deployment across the Naval Intelligence Enterprise
- Assist in development of business processes and workflows (technical or functional), SOPs, and documentation. Unless otherwise directed, the contractor shall use Government-supplied format.
- Assist in development of: Supporting concepts of operations; Response and reporting processes and procedures for status (non-critical) and referral (critical) events with appropriate authorities (e.g., Security, IA, CI/LE, IG, HR, etc.)
- Employ – under Government direction – current best practices and state-of-the-art cyber, IA, security, and insider threat TTP.
- Serve as a subject matter expert, participating in meetings, working groups, system demonstrations, and conferences as needed.
- Provide briefings and presentation materials, conference or meeting materials, technical memoranda, and administrative reports in support of this Task Order.
- Provide the Government with a copy of all documentation developed in support of the Task Order.
- Conduct the required support and respond to tasks within an amount of time agreed upon by the contractor and the Government Lead.
- Work with multiple organizations within the Navy responsible for systems control, integration, testing, security, and maintenance, as well as appropriate privacy and legal authorities and external partners.
- Provide a weekly status report to the Government Team Leads, which shall, at a minimum, include: Work performed during the week, including accomplishments; Plan for work to be performed during the following week; Identification and discussion of any risks or issues pertaining to assigned tasks and their associated deliverable target dates; The report shall be provided in the standard format provided by the Government.