Maveris is an IT and cybersecurity services company committed to helping organizations create secure digital solutions to accelerate their mission. Originally founded as a Veteran-owned company, we remain deeply committed to supporting veterans and proudly serving customers across the Federal Government and private sector. We have an opening for a full-time, permanent Senior Insider Threat Analyst to join our talented, dynamic team in support of a large Federal Government customer.
We are seeking a highly skilled and motivated Senior Insider Threat Analyst with expertise in Splunk and User Behavior Analytics (UBA). The ideal candidate will play a critical role in identifying and mitigating potential insider threats by analyzing user behaviors, defining abnormal patterns, and developing custom analytics and detections within our organization's security framework.
Veterans are encouraged to apply.
Candidates must be located within driving distance to Washington, DC to be onsite as needed.
Duties
- Review and analyze log files from various sources such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and host logs to report any unusual or suspect activities.
- Provide targeted detection and analysis, including the development of custom signatures and log queries and analytics for the identification of insider-based threats.
- Identify anomalous user behavior, leveraging available data sources to uncover potential internal security risks.
- Analyze data from User Activity Monitoring (UAM) and User Entity Behavioral Analytics (UEBA) tools.
- Define abnormal behaviors and establish patterns that may indicate insider-based threats, considering the unique characteristics of the organization.
- Develop and implement custom analytics and detection mechanisms in Splunk to proactively identify insider threat-based activities.
- Collaborate with various teams (including incident response) to investigate and respond to potential insider threats promptly.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed threat.
- Conduct research, analysis, and correlation and trend analysis across a wide variety of all source data sets (indications and warnings).
- Provide recommendations and custom solutions to counter insider threat activity.
- Provide detailed technical reports that articulate suspicious user activity, including timelines, behaviors observed, and the analytical rationale behind findings.
- Reports should be suitable for both technical audiences and leadership and should support any investigative or legal follow-up.
- Identify insider threat-based use cases for automation using a Security Orchestration, Automation, and Response (SOAR) platform.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degrees or certifications (e.g., CISSP, GIAC) are a plus
- 4+ years of experience performing insider threat-based analysis
- Proven experience in user behavior analytics and insider threat detection
- MUST be a Subject Matter Expert (SME) in the Splunk query language
- Experience with common threat hunting solutions including Splunk, packet analysis (e.g., Wireshark), NetFlow, QRadar or other SIEMs, etc.
- In-depth understanding of the MITRE ATT&CK and Cyber Kill Chain methodologies
- Experience with and understanding of NIST SP 800-61, US-CERT, and Office of Management and Budget (OMB) standards
- Experience using ticketing systems to include ServiceNow (SNOW)
- Knowledge of cyber attacker types (e.g., script kiddies, insider threats, non-nation-state sponsored, and nation-state sponsored)
- Scripting experience (e.g., Python, PowerShell) is a plus
- In-depth knowledge of security frameworks, best practices, and industry standards
- Experience in developing and implementing custom analytics and detection mechanisms
- Excellent analytical and problem-solving skills, with attention to detail
- Strong communication skills, both written and verbal
- Ability to work independently and collaboratively in a fast-paced, dynamic environment
- Relevant certifications and training are a plus (e.g., CCIP, GCIH, GCFE, GCIA, GCFA, GNFA, GCTI, GREM, CISSP)
Benefits
Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:
- 401(k) with company match
- Dental Insurance
- Health Insurance
- Vision Insurance
- Life Insurance
- Paid Time Off
About Maveris
Maveris offers exceptional, mission-focused solutions to organizations facing highly complex IT, digital, and cybersecurity challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate who applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly motivated person with a willingness to learn, we invite you to apply today to join our team!
To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.