Principal, Insider Threat
Posted on: February 12, 2020
Description:
Job Title: Principal, Insider Threat
Job Code: CHQ20202701-39754
Job Location: Melbourne, FL
Job Description: The L3Harris Office of Insider Threat and
Counterintelligence is searching for an innovative, technical, and
driven leader with experience managing and optimizing an insider threat
- Triage data collected by User Behavior Analytics (UBA), User
Activity Monitoring (UAM), DLP, SIEM technologies and other tools
to decipher underlying trends or uncover anomalies and discern
obscure patterns and attributes of potential insider threat
- Design and implement technical and administrative controls to
prevent, detect, and respond to insider threats.
- Consistently evaluate and refine insider threat alerts to
enable proactive insider threat detection and reduce false
- Design, develop, review, and finalize insider threat workflows,
policies, procedures, guidelines, and training.
- Plan, monitor, define, and analyze key metrics for the
day-to-day operations to ensure efficient deployment, optimize
resources, and to measure overall effectiveness.
- Create and present executive level insider threat
- Work collaboratively with insider threat stakeholders to
identify high value analytic use cases, onboard additional data
sources to support new use cases, determine the best analytics
platform for execution, and develop analytics and alert
criteria to maximize resources.
- Maintain external liaison and relationships with industry
partners and United States (U.S.) law enforcement and intelligence
agencies to obtain threat information and best practices.
- Prepare insider threat analysis reports and information papers,
including recommendations for risk mitigation.
Minimum
- Bachelor's Degree and a minimum of 12 years of prior relevant
experience or Graduate Degree and a minimum of 10 years of prior
- Active Top Secret/SCI security clearance
Preferred Additional
- Experience interpreting data from network security tools and
infrastructure technologies such as SIEM, firewall, proxies,
IPS/IDS devices, full packet capture (FPC), and email
- Experience with scripting languages to automate repetitive
analysis and tasks. Advanced knowledge of specific scripting tools
- Previous experience working on Insider Threat team or Security
Operations Centers of large critical infrastructure
- Experience integrating industry-recognized network defense
frameworks (e.g., MITRE ATT&CK™, Lockheed Martin Cyber Kill
Chain, Diamond Model, etc.) into network defense processes.
- Previous experience in the fields of vulnerability analysis,
cyber intelligence, threat hunting, malware analysis, open source
intelligence research, and/or digital forensics.
- Industry certifications (e.g. EC-Council, GIAC, ISC2,
- Experience partnering with key stakeholders in conducting
threat modeling exercises or in-depth assessments and tests against
networks, endpoints, applications, etc., to find flaws with
people/process/technology controls and prevent insider threats from
- Advanced degree in cybersecurity or related discipline.
- Demonstrable experience with insider threat detection
technologies and tools such as SIEM, UBA, UAM, DLP, etc.
- Experience with insider threat analysis, security operations,
and/or risk mitigation program design.
- Knowledge of SOC or similar environment methodology, including
threat monitoring, intrusion detection, analysis, threat
determination, incident handling and remediation tracking.
- Exceptional problem-solving capabilities and strong
documentation and communication skills.
- Ability to self-manage workload and goals independently in a
fast-paced, multi-threaded, and deadline-driven organization.
- Demonstrable knowledge of tactics, techniques and procedures
associated with malicious insider threat activity, i.e., fraud, IP
theft, sabotage, espionage, workplace violence, etc.
- Active Top Secret/SCI security clearance