Work Type: Remote (with the ability to travel to Falls Church, VA or Morrisville, NC as required by client)
Job Type: Full-Time
Clearance: Public Trust
Must be a U.S. Citizen
Benefits: Medical, dental, and vision coverage, 401k matching, generous PTO, paid holidays, professional training opportunities, and even pet insurance to ensure your furry friends are cared for too.
Job Summary
Castalia Systems is seeking an Insider Risk Analyst to enhance the Insider Risk Management (IRM) capabilities within the United States Postal Service and to address the complexity and sophistication of insider threats, which necessitate a targeted approach with highly skilled personnel who can leverage advanced technologies such as Artificial Intelligence (AI) and Machine Learning (ML).
Roles and Responsibilities
A qualified candidate will perform duties and responsibilities including, but not limited to, the following:
- Lead or support insider risk investigations, including evidence preservation and forensic analysis.
- Leverage AI/ML to quickly assess potential threats and enable proactive, informed decisions, including blocking suspicious activities like unauthorized data transfers or flagging risky user behavior.
- Utilize AI/ML to identify, assess, and mitigate potential security threats posed by individuals; leverage AI-driven solutions to analyze data, pinpoint risky behaviors, and generate actionable insights and recommendations for program resilience and mitigation strategies.
- Facilitate and support the coordination and response to active insider threats, collaborating with counterintelligence, threat intelligence, and law enforcement teams.
- Correlate behavioral, contextual, and technical indicators to identify and assess potential insider threat incidents.
- Support investigations by collecting and analyzing digital evidence, documenting findings, and escalating matters to the appropriate parties.
- Monitor user activity data and alerts to identify potential indicators of insider threats. Analyze system logs, network traffic, and endpoint alerts for suspicious activity.
- Correlate data from multiple sources (including user and entity behavior analytics (UEBA), data loss prevention (DLP), security information and event management (SIEM) tools, and endpoint detection and response (EDR) solutions) to detect anomalies and patterns indicative of insider threats.
- Develop and implement detection methods and strategies, including risk scoring and threat analysis tools, and refine alerts based on triage results, understanding of insider threats, and current events.
- Work closely with internal teams such as CISO Operations, Legal, Human Resources, and Counterintelligence, as well as external partners, to address and resolve insider risk incidents.
Required Qualifications
- A Bachelor's degree in computers or another IT- or security-related major.
- A minimum of 8 years of experience in analyzing technical and non-technical indicators related to insider activity, including user behavior, network activity, system logs, and data access patterns.
- Proficiency in cybersecurity concepts, network protocols, operating systems, encryption, authentication mechanisms, and security tools like SIEM, UEBA, and DLP solutions.
- Utilize AI-powered platforms like User and Entity Behavior Analytics (UEBA) to identify anomalous activities and patterns indicative of insider threats.
- Cultivate and heighten AI/ML models to refine detection capabilities by leading the creation and tuning of rules, alerts, and risk scoring models to enhance efficiency and accuracy.
- Familiarity with insider threat regulations, information security reports, and relevant legal and privacy regulations.
- Experience conducting internal investigations, collecting digital evidence while maintaining chain of custody, and understanding forensic analysis tools.
- Strong ability to analyze complex data, identify patterns and trends, apply critical thinking and logic to evaluate evidence, and use quantitative and qualitative methods to assess risk.
- Strong analytical skills to interpret large volumes of data and correlate disparate security signals.
- Knowledge of incident response processes and digital forensics fundamentals related to insider threat scenarios.
- Strong communication skills for cross-team coordination, reporting, and documenting of findings.
- Ethical judgment and discretion, especially when handling sensitive personnel and organizational data.
Desired
- Graduate certificates, specifically in Insider Risk Management and Mitigation, to provide in-depth expertise in understanding, investigating, and managing insider threats.
- Knowledge of AI/ML concepts, algorithms, and applications in insider threat detection, including supervised and unsupervised learning, deep learning, and anomaly detection.
- A blend of technical and analytical capabilities and soft skills to navigate the complex world of AI-driven insider threat detection and prevention.
- Hands-on experience in insider threat analysis.
Physical Requirements/Work Environment
- Normal office environment.
Travel
- Must be willing to travel 0-25% of the time.
Company Description
Castalia Systems is a proven business partner providing mission-critical solutions to the Federal Government. We provide cutting-edge solutions from Securing and Managing Data to Systems Engineering and Development. Castalia Systems is a pioneer in Artificial Intelligence Design and Application. With our vast knowledge of our customers' needs and relevant technology, our team is able to bring successful solutions to every mission. We are one-upping our competitors by providing premium IT solutions and platforms with cutting-edge technology, so the difference is evident when you compare us with anyone.
Disclaimer
Castalia Systems is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.