Principal, Insider Threat

Company: L3Harris
Location: Melbourne
Posted on: February 12, 2020

Job Description:

Description: Job Title: Principal, Insider ThreatJob Code: CHQ20202701-39754Job Location: Melbourne, FLJob Description:The L3Harris Office of Insider Threat and Counterintelligence is searching for an innovative, technical, and driven leader with experience managing and optimizing an insider threat program.Essential Functions:

• Triage data collected by User Behavior Analytics (UBA), User Activity Monitoring (UAM), DLP, SIEM technologies and other tools to decipher underlying trends or uncover anomalies and discern obscure patterns and attributes of potential insider threat activities.
• Design and implement technical and administrative controls to prevent, detect, and respond to insider threats.
• Consistently evaluate and refine insider threat alerts to enable proactive insider threat detection and reduce false positives.
• Design, develop, review, and finalize insider threat workflows, policies, procedures, guidelines, and training.
• Plan, monitor, define, and analyze key metrics for the day-to-day operations to ensure efficient deployment, optimize resources, and to measure overall effectiveness.
• Create and present executive level insider threat briefings.
• Work collaboratively with insider threat stakeholders to identify high value analytic use cases, onboard additional data sources to support new uses cases, determine the best analytics platform for execution, and the development of analytics and alert criteria to maximize resources.
• Maintain external liaison and relationships with industry partners and United States (U.S.) law enforcement and intelligence agencies to obtain threat information and best practices.
• Prepare insider threat analysis reports and information papers, including recommendations for risk mitigation.Minimum Qualifications:
  • Bachelor's Degree and a minimum of 12 years of prior relevant experience or Graduate Degree and a minimum of 10 years of prior related experience.
  • Active Top Secret/SCI security clearancePreferred Additional Skills:
    • Experience interpreting data from network security tools and infrastructure technologies such as SIEM, firewall, proxies, IPS/IDS devices, full packet capture (FPC), and email platforms.
    • Experience with scripting languages to automate repetitive analysis and tasks. Advanced knowledge of specific scripting tools including Regex, Python, JavaScript, and similar is preferred.
    • Previous experience working on Insider Threat team or Security Operations Centers of large critical infrastructure organizations.
    • Experience integrating industry-recognized network defense frameworks (e.g., MITRE ATT&CKTM, Lockheed Martin Cyber Kill Chain -, Diamond Model, etc.) into network defense processes.
    • Previous experience in the fields of vulnerability analysis, cyber intelligence, threat hunting, malware analysis, opens source intelligence research, and/or digital forensics.
    • Industry certifications (e.g. EC-Council, GIAC, ISC2, etc.).
    • Experience partnering with key stakeholders in conducting threat modeling exercises or in-depth assessments and tests against networks, endpoints, applications, etc., to find flaws with people/process/technology controls and prevent insider threats from materializing.
    • Advanced degree in cybersecurity or related discipline.
    • Demonstrable experience with insider threat detection technologies and tools such as SIEM, UBA, UAM, DLP, etc.
    • Experience with insider threat analysis, security operations, and/or risk mitigation program design.
    • Knowledge of SOC or similar environment methodology, including threat monitoring, intrusion detection, analysis, threat determination, incident handling and remediation tracking.
    • Exceptional problem-solving capabilities and strong documentation and communication skills.
    • Ability to self-manage workload and goals independently in a fast-paced, multi-threaded, and deadline-driven organization.
    • Demonstrable knowledge of tactics, techniques and procedures associated with malicious insider threat activity, i.e., fraud, IP theft, sabotage, espionage, workplace violence, etc.
    • Active Top Secret/SCI security clearance
      

Keywords: L3Harris, Melbourne , Principal, Insider Threat, Other , Melbourne, Florida