System Administration - Insider Threat

Job Location: Arlington, TX - USA

Monthly Salary: Not Disclosed

Vacancy: 1

Job Description

Job Details

ARLINGTON VA 3 (DARPA) - Arlington VA
Full Time

Description

Position Overview

The Cybersecurity System Administrator position requires an associate's degree or a certificate from a technical training institute and a minimum of five years of related technical experience supporting an Information Technology (IT) environment.

The Cybersecurity Specialist serving as a System Administrator within the Insider Threat (InT) team is responsible for configuring, maintaining, and operating the network infrastructure that supports the InT mission. This role ensures that IT systems remain secure, stable, and optimized to protect sensitive operations.

The System Administrator will perform the following responsibilities:

  • Configure and maintain systems supporting InT operations.
  • Monitor networks continuously to detect suspicious activity and enhance the overall cybersecurity posture.
  • Monitor the server application for availability, latency, and gateway queuing, and maintain current knowledge of vendor upgrades and patches for both the server and client applications.
  • Analyze security incidents and implement effective incident response plans.
  • Manage and secure system user accounts and access controls.
  • Perform regular updates, patches, and backups.
  • Ensure User Activity Monitoring (UAM) tools and processes adhere to Committee on National Security Systems Directive 504 (CNSSD-504).
  • Monitor the server application, system, and security logs using tools such as Microsoft Operational Management server, VMware vSphere, Quest Auditor, and NetIQ.
  • Possess knowledge of other Microsoft products used to manage an enterprise operation.
  • Ability to develop project management documentation.
  • Ability to work without guidance.
  • Ability to manage and initiate projects.
  • Other duties as assigned.

CNSSD-504 Compliance:

This directive mandates stringent safeguards to protect national security systems against insider threats: individuals with authorized access who may attempt to exploit, compromise, or disclose classified information. Compliance with CNSSD-504 is vital to the early detection and mitigation of these risks.

Analyzing User Activity Data:

Identify suspicious and/or anomalous behavior patterns or policy violations. Generate reports on user activity and trends. Set up and respond to activity-based alarms. Investigate security incidents and provide evidence. Ensure compliance with data privacy regulations.

  • Review the alerts of the tool(s) for evaluation and, when necessary, furtherance to the agency InT Coordinator.
  • Report validated triggers/anomalies immediately to the InT Coordinator.
  • Detect insider threats, whether intentional or unintentional, by monitoring user activity for suspicious behavior such as unauthorized access to sensitive data or classified platforms, unusual file transfers, and excessive access attempts.
  • Conduct daily all-source integration and analysis of information to establish normal baseline activity, including indicators of anomalous activity and privileged user activity logs.
  • Initiate Cyber Analysis and Response Team (CART) case procedures. Notify the Information Technology Directorate (ITD) Network Operations Security Center (NOSC) of actionable alerts and threats to the networks initiated by or attributable to users.
  • Provide professional advice regarding the agency-level policy detailing the use of a Focused Observation capability for the monitoring of a specific user.
  • Prevent data breaches.
  • Ensure compliance by providing a record of user activity and demonstrating adherence to policies.
  • Ensure data security by monitoring access and usage.
  • Provide activity reports from collected data that give insight into user activity, allowing analysis of trends and areas for improvement.
  • Provide data analysis to identify potential security risks and compliance violations.
  • Enforce security policies by monitoring user actions and alerting administrators to violations such as logon failures, account lockouts, and attempts to access restricted websites or applications.
  • Ensure that UAM data associated with an insider threat inquiry or investigation is stored for a minimum of 5 years.
  • Review triggers, thresholds, and alerts at least annually.
  • Interface with ITD on InT cybersecurity support, including but not limited to maintenance of the data transfer portal site, Classified Support Team (CST) support regarding UAM cross-domain solution capabilities, the Classified Document Registry (CDR), the Director Office (DIRO) Security Office, and the Special Access Program Central Office (SAPCO).

Experience working with various classification levels (e.g., Unclassified, Secret, Top Secret) is required; SCI and SAP are preferred.

Qualifications

Required Role Qualifications:

  • 8140.03 work role (System Administrator) compliance (intermediate level): Cloud+, GICSP, GSEC, Security+, or SSCP
  • Technical Skills:
    • Strong understanding of security principles, the Risk Management Framework (RMF), and security controls.
    • Familiarity with SIEM security architecture and SIEM-oriented cybersecurity tools.
    • Proficiency in conducting vulnerability assessments, penetration testing, and security control validation.
    • Experience with security assessment tools and technologies.
    • Familiarity with operating systems, networking protocols, and security architectures.
    • Knowledge of security-hardening techniques and best practices.
  • Communication Skills: Excellent written and verbal communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences.

Preferred Qualifications:

  • Experience with Security Information and Event Management (SIEM) systems used to collect and analyze security data to identify and respond to potential threats.
  • Knowledge of security automation and orchestration tools.
  • Familiarity with agile development methodologies.

Additional Information

  • This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties, and/or responsibilities required for this position that are not listed in this job description.
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
  • System High is a military-friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.
  • System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
  • Equal opportunity legal notices can be viewed in the following PDFs: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination.

Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a or email address.

Employment Type

Full-Time
