The Role
Lead the AOUSC Insider Threat Program, managing threats, developing governance frameworks, and coordinating with cybersecurity teams to enhance organizational security.
Summary Generated by Built In
cFocus Software seeks a Insider Threat Analyst Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
Duties:
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years’ experience in conducting in-depth technical analysis of insider threat
- 3+ years’ experience in conducting behavioral analytics
- 2+ years of experience using Splunk SIEM to correlate cybersecurity alerts.
- 2+ years of experience managing overall case management for cybersecurity investigations.
- Active CCITP Program certification
Duties:
- Lead and support the operationalization of the AOUSC Insider Threat Program (InTP) in accordance with NITTF Minimum Standards and Judiciary cybersecurity directives.
- Develop and maintain Insider Threat governance frameworks including authorities, escalation paths, communication cadence, workflows, and operational procedures.
- Collaborate with AO Human Resources (HR), Office of General Counsel (OGC), Insider Threat Branch (ITB), Cybersecurity Triage, Incident Response, Threat Hunting, and Cyber Threat Intelligence teams to support enterprise-wide insider risk management efforts.
- Develop, coordinate, and maintain a comprehensive suite of Standard Operating Procedures (SOPs) supporting Insider Threat operations and investigative processes.
- Design, document, and operationalize insider threat use cases, indicators, triggers, tuning methodologies, and feedback loops for integration into the existing SIEM and detection engineering framework.
- Support the identification, analysis, and mitigation of insider threat risks including malicious insiders, negligent users, privileged misuse, policy violations, data exfiltration, and anomalous user behaviors.
- Analyze telemetry, user activity, endpoint logs, audit records, and security events to identify potential insider threat activity and emerging organizational risks.
- Coordinate with Detection Engineering teams to refine insider threat alerting logic, improve visibility, and reduce false positives within existing alerting frameworks.
- Develop insider threat awareness materials, workforce training, executive briefings, and organizational awareness campaigns.
- Provide executive-level and technical reporting on insider threat trends, program status, organizational risks, and operational impacts.
- Conduct periodic assessments and audits to evaluate program effectiveness, identify process gaps, and recommend governance, tooling, policy, and procedural improvements.
- Develop and maintain insider threat metrics, KPIs, and operational reporting dashboards.
- Participate in weekly technical meetings and monthly program management reviews with AO stakeholders and leadership.
- Prepare written reports, meeting minutes, executive summaries, operational updates, and briefing materials supporting government oversight and decision making.
- Coordinate insider threat investigations with cybersecurity operations teams while ensuring compliance with legal, HR, privacy, and Judiciary policy requirements.
- Support transition-in, transition-out, operational readiness, and knowledge transfer activities in accordance with AOUSC SOD requirements.
- Maintain awareness of emerging insider threat trends, adversary methodologies, behavioral analytics techniques, and federal insider threat program best practices.
- Provide recommendations for improving insider threat governance, training, data sources, telemetry visibility, and operational response capabilities.
- Assist in the development of insider threat communication strategies, escalation procedures, and incident coordination processes.
- Support Agile workflows and track operational tasks, action items, and improvements through Jira and ServiceNow platforms.
Skills Required
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or related field
- 5+ years conducting technical analysis of insider threat
- 3+ years conducting behavioral analytics
- 2+ years using Splunk SIEM for cybersecurity alerts
- 2+ years managing case management for cybersecurity investigations
- Active CCITP Program certification
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!
