
4154 Insider Threat Systems Engineer

Procession Systems

Today
Top Secret/SCI
IT - Software
Lorton, DC (On-Site/Office)

OVERVIEW:

The Senior Computer Systems Engineer/Architect will be responsible for the design, integration, implementation, and ongoing support of advanced insider threat detection systems and supporting technologies within the agency's Insider Threat Operations Center (ITOC). This position requires advanced technical expertise, strong documentation and training skills, and the ability to support and enhance a complex, highly secure enterprise environment.

GENERAL DUTIES:

1. System Design and Architecture
  • Develop a comprehensive system architecture plan, detailing the design, components, interfaces, and data flows for an enhanced insider threat detection system.
  • Ensure architectural compatibility with existing applications and enable future scalability to support evolving requirements.

2. Integration Planning and Implementation
  • Create a detailed integration plan specifying steps, resources, and timelines to implement enhanced insider threat capabilities, with full execution within 180 days.
  • Minimize operational disruptions during integration and coordinate across multiple stakeholders and technical teams.

3. Documentation and Technical Manuals
  • Develop and maintain comprehensive and up-to-date documentation, including system design documents, integration procedures, and technical manuals.
  • Ensure documentation is easily accessible and tailored to relevant stakeholders.

4. Training and Support
  • Deliver a minimum of two annual in-house training sessions for UAM/UBA systems to analyst staff and new personnel, providing certification upon completion.
  • Offer ongoing technical support during and after integration, ensuring personnel are proficient in system operation, maintenance, and troubleshooting.

5. Engineering and Security Support
  • Provide support for security engineering, integration, and deployment of security technologies for both insider and external threats.
  • Resolve UAM component issues within 48 hours; acknowledge government requests within 1 hour during business hours.
  • Enhance and deploy IT systems for the ITOC, identifying and recommending improvements to quality, cost efficiency, and utility.
  • Implement new or replacement security service solutions and extend system capabilities for new data sources.

6. Threat Intelligence and Data Integration
  • Integrate automated threat intelligence/data feeds with the Enterprise Data Lake and Single Pane of Glass (SPOG) within 10 working days of feed availability.
  • Provide engineering, operations, maintenance, and project support for SPOG, UEBA, UAM, Case/Data Management, Workflow, AI/ML services, Endpoint Incident Response, Cross Domain Solutions, Data Lakes, and Sentiment Analysis services.

7. API and Systems Integration
  • Integrate disparate security systems and data feeds using APIs (primarily Python for SOAP/REST APIs).
  • Support integration of multiple security sensors and systems across the enterprise.

8. Vulnerability and Security Assessment
  • Conduct and coordinate weekly (or as directed) vulnerability scans on multiple networks and systems in support of FISMA requirements.
  • Collaborate with system owners/admins/ISSOs to notify, execute, and report scan results.
  • Support security assessments by defining scope, developing test plans, analyzing results, and preparing reports and briefings.

9. Compliance and Reporting
  • Monitor and report on scan coverage quarterly and provide technical analysis of scan results monthly or as requested.
  • Support baseline compliance and accreditation efforts for information systems and applications per agency guidelines.
  • Apply advanced analytic techniques to IT system logs to detect threats, APTs, and cyber intrusions.

REQUIRED QUALIFICATIONS:
  • Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related field (Master's preferred).
  • 8+ years of experience in systems engineering/architecture, with a focus on security and large-scale enterprise environments.
  • Expertise in insider threat detection, User Activity Monitoring (UAM), User and Entity Behavior Analytics (UEBA), and integration of security solutions.
  • Proficiency in Python and experience with SOAP/REST APIs for security systems integration.
  • Strong knowledge of enterprise data lakes, case/data management, workflow, endpoint incident response, and cross-domain solutions.
  • Experience conducting vulnerability assessments and supporting FISMA compliance.
  • Excellent documentation, technical writing, and training delivery skills.
  • Strong analytical and problem-solving abilities, with proven project management skills.

DESIRED QUALIFICATIONS:
  • Federal agency experience, particularly with insider threat or cyber operations programs.
  • Experience with AI/ML solutions, sentiment analysis, and emerging security technologies.
  • Relevant certifications (e.g., CISSP, CISM, CEH, GIAC).

CLEARANCE:
  • TS/SCI minimum
About Us
At Procession Systems we work on identifying top talent across various markets. We work with some of the world’s leading government contractors, ranging in size, taking on some of the biggest challenges in the defense, civilian, and Intelligence markets. Not only do we identify top talent in this space for our clients, but a well cared for candidate experience is our priority. At Procession Systems we are dedicated to your needs and here to serve you as you advance in your career!