AOUSC Insider Threat Analyst Lead


Job Location:

Washington, DC - USA

Monthly Salary: Not Disclosed
Posted on: 23 days ago
Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks an Insider Threat Analyst Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is hybrid, with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. in Computer Science, Information Technology, or a related field
  • 5 years of experience in conducting in-depth technical analysis of insider threat
  • 3 years of experience in conducting behavioral analytics
  • 2 years of experience using Splunk SIEM to correlate cybersecurity alerts
  • 2 years of experience managing overall case management for cybersecurity investigations
  • Active CCITP Program certification

Duties:
  • Lead and support the operationalization of the AOUSC Insider Threat Program (InTP) in accordance with NITTF Minimum Standards and Judiciary cybersecurity directives.
  • Develop and maintain Insider Threat governance frameworks, including authorities, escalation paths, communication cadence, workflows, and operational procedures.
  • Collaborate with AO Human Resources (HR), Office of General Counsel (OGC), Insider Threat Branch (ITB), Cybersecurity Triage, Incident Response, Threat Hunting, and Cyber Threat Intelligence teams to support enterprise-wide insider risk management efforts.
  • Develop, coordinate, and maintain a comprehensive suite of Standard Operating Procedures (SOPs) supporting Insider Threat operations and investigative processes.
  • Design, document, and operationalize insider threat use cases, indicators, triggers, tuning methodologies, and feedback loops for integration into the existing SIEM and detection engineering framework.
  • Support the identification, analysis, and mitigation of insider threat risks, including malicious insiders, negligent users, privileged misuse, policy violations, data exfiltration, and anomalous user behaviors.
  • Analyze telemetry, user activity, endpoint logs, audit records, and security events to identify potential insider threat activity and emerging organizational risks.
  • Coordinate with Detection Engineering teams to refine insider threat alerting logic, improve visibility, and reduce false positives within existing alerting frameworks.
  • Develop insider threat awareness materials, workforce training, executive briefings, and organizational awareness campaigns.
  • Provide executive-level and technical reporting on insider threat trends, program status, organizational risks, and operational impacts.
  • Conduct periodic assessments and audits to evaluate program effectiveness, identify process gaps, and recommend governance, tooling, policy, and procedural improvements.
  • Develop and maintain insider threat metrics, KPIs, and operational reporting dashboards.
  • Participate in weekly technical meetings and monthly program management reviews with AO stakeholders and leadership.
  • Prepare written reports, meeting minutes, executive summaries, operational updates, and briefing materials supporting government oversight and decision making.
  • Coordinate insider threat investigations with cybersecurity operations teams while ensuring compliance with legal, HR, privacy, and Judiciary policy requirements.
  • Support transition-in, transition-out, operational readiness, and knowledge transfer activities in accordance with AOUSC SOD requirements.
  • Maintain awareness of emerging insider threat trends, adversary methodologies, behavioral analytics techniques, and federal insider threat program best practices.
  • Provide recommendations for improving insider threat governance, training, data sources, telemetry visibility, and operational response capabilities.
  • Assist in the development of insider threat communication strategies, escalation procedures, and incident coordination processes.
  • Support Agile workflows and track operational tasks, action items, and improvements through Jira and ServiceNow platforms.

Required Experience:

Senior IC

About Company

Our exclusive ATO as a Service™ software & expert services automate FISMA, RMF & FedRAMP compliance.