POSITIONS CONTINGENT ON CONTRACT AWARD

KBR is actively seeking skilled professionals across a variety of high-impact cybersecurity roles—from Incident Response and Cyber Hunt to Digital Forensics, Insider Threat, Continuous Monitoring, and Red/Blue Team Operations.

INSIDER THREAT ANALYST

Job Description:
The Insider Threat Analyst is responsible for detecting, investigating, and mitigating insider threats that pose risks to NIWC CSSP networks and subscriber environments. This role involves user activity monitoring (UAM), behavioral analytics, risk assessments, and coordination with counterintelligence and law enforcement teams to prevent data breaches, unauthorized disclosures, and sabotage by trusted insiders. The analyst will work with security teams to ensure that insider threat monitoring …

Key Responsibilities:

• Develop and implement an Insider Threat Program to identify, deter, and mitigate insider risks.
• Monitor and analyze user behavior on classified and unclassified government networks for suspicious activities.
• Utilize User Activity Monitoring (UAM) tools such as Splunk, Forcepoint, Ekran System, and SIEM solutions to detect anomalies.
• Correlate security logs, behavioral analytics, and access patterns to identify indicators of potential insider threats.
• Investigate data exfiltration attempts, unauthorized access, and privilege abuse to prevent intellectual property theft or espionage.
• Conduct risk assessments on personnel, contractors, and third-party vendors to identify individuals with access to sensitive data.
• Coordinate with HR, legal, counterintelligence, and law enforcement agencies to investigate insider incidents.
• Analyze social engineering tactics, policy violations, and suspicious financial activity as part of insider threat investigations.
• Develop and conduct Insider Threat Awareness Training for employees and security teams.
• Maintain compliance with CNSSD 504, DoDD 5205.16, and other DoD insider threat policies.
• Compile detailed reports and risk assessments for senior leadership and cybersecurity teams.
• Ensure separation of duties and accountability in insider threat monitoring and response.
• Document lessons learned and contribute to process improvements for insider threat detection and mitigation.

• Develop and implement an Insider Threat Program to identify, deter, and mitigate insider risks.
• Monitor and analyze user behavior on classified and unclassified government networks for suspicious activities.
• Utilize User Activity Monitoring (UAM) tools such as Splunk, Forcepoint, Ekran System, and SIEM solutions to detect anomalies.
• Correlate security logs, behavioral analytics, and access patterns to identify indicators of potential insider threats.
• Investigate data exfiltration attempts, unauthorized access, and privilege abuse to prevent intellectual property theft or espionage.
• Conduct risk assessments on personnel, contractors, and third-party vendors to identify individuals with access to sensitive data.
• Coordinate with HR, legal, counterintelligence, and law enforcement agencies to investigate insider incidents.
• Analyze social engineering tactics, policy violations, and suspicious financial activity as part of insider threat investigations.
• Develop and conduct Insider Threat Awareness Training for employees and security teams.
• Maintain compliance with CNSSD 504, DoDD 5205.16, and other DoD insider threat policies.
• Compile detailed reports and risk assessments for senior leadership and cybersecurity teams.
• Ensure separation of duties and accountability in insider threat monitoring and response.
• Document lessons learned and contribute to process improvements for insider threat detection and mitigation