Insider Threat Engineer - Military veterans preferred

2025-08-04
Leidos
Other



Baltimore
Maryland
21244
United States

Description

Leidos is seeking a highly skilled and experienced Insider Threat Senior Analyst to support and maintain an enterprise-wide insider threat detection and response program at the Social Security Administration (SSA). This position focuses on advancing the agency’s capabilities in user activity monitoring (UAM), automation, and technical threat detection to prevent unauthorized disclosures, fraud, and abuse. The candidate will be instrumental in delivering analytical and engineering support to the Insider Threat Program Management Office (PMO) and may be required to deliver and receive sensitive briefings within SSA secured spaces such as the SCIF or approved alternate secure locations.

Join a high-performing cybersecurity team responsible for safeguarding the agency’s data and supporting the SSA’s mission to serve over 65 million Americans monthly.

*** Selected candidate must be willing to work on-site in Woodlawn, MD 5 days a week.

If this sounds like a mission you want to be a part of, keep reading!

TEAM CULTURE

Your passion and values might be a good fit for our teams if you answer “yes” to the following questions:

  • Are you looking for a company that puts employees first, with a focus on career, flexibility, and well-being?
  • Do you enjoy collaborating with colleagues and teammates and believe that the best ideas are fostered in an inclusive environment?
  • Are you searching for a team with a strong sense of ownership, urgency, and drive for daily mission success?
  • Are you comfortable with proactive outward communication and technical leadership?
  • Do you enjoy being a catalyst, solving complex problems, and providing innovative solutions?
  • Do you have the flexibility, creativity, and resilience to pivot the mission for success?
  • Do you have the courage to make tough ethical decisions with pride, transparency, and respect?

MENTORSHIP & CAREER GROWTH

Our teams are dedicated to supporting new team members in an environment that celebrates knowledge sharing and mentorship. Experienced team members will be assigned to new hires for one-on-one mentoring, collaborative reviews, and coaching on customer engagement to help each new hire successfully onboard and demonstrate their skills. Projects and tasks are assigned in a way that leverages your strengths and will help you further develop your skillset.

KEY RESPONSIBILITIES

Every position we take is more rewarding when you know the why behind it. Know your work makes a difference to support those who need it most. If your passion is enabling life-changing service to those around you, this is the place for you. Find your passion in a team environment where all members are valued regardless of contractor or employee status. Find your “Why” with us and take your place in our Leidos Family!

Technical Engineering and Automation

  • Engineer, implement, and maintain User Activity Monitoring (UAM) solutions, ensuring continuous visibility into user behavior and privileged activity.
  • Build and maintain Splunk dashboards to visualize UAM data, insider threat indicators, and program metrics.
  • Automate repetitive tasks and data pipelines using Ansible, Python, or JSON to enhance detection, alerting, and reporting efficiency.
  • Support integration of UAM with other enterprise cybersecurity tools and platforms (e.g., SIEM, DLP, EDR, SOAR).
  • Collaborate with the SOC, forensic analysts, and cyber threat intel units to enrich UAM data with contextual intelligence.

Cyber Threat Detection & Analysis

  • Develop and refine methods to extract, analyze, and correlate data from SSA IT systems to proactively detect potential insider threats.
  • Monitor and analyze trends in cyber activity and anomalous behavior to assess risks to SSA’s confidentiality, availability, and integrity.
  • Leverage feeds, incident reports, and threat briefs to assess relevance to SSA’s environment and enhance the program’s threat modeling capability.
  • Collaborate with internal partners such as the cyber threat intelligence, supply chain risk, and forensic investigation teams to share findings and develop holistic mitigations.

Policy, SOP Development & Reporting

  • Assist with the enhancement and documentation of enterprise-wide Standard Operating Procedures (SOPs) related to Insider Threat use cases and detection logic.
  • Prepare and present insider threat briefings to program leadership and executives, following agency writing and presentation standards.
  • Contribute to Insider Threat Work Status Reports with detailed analytics, visuals (charts/dashboards), and recommendations.

FOUNDATION FOR SUCCESS (Basic Qualifications)

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Additional years of experience may be substituted in lieu of degree.
  • 4-8 years of overall experience.
  • Proven experience in cybersecurity, insider threat analysis, or a related area.
  • Demonstrated experience deploying and managing User Activity Monitoring (UAM) solutions in production.
  • Proficiency in Splunk – including dashboard development, data ingestion, and search optimization.
  • Hands-on skills with Ansible, Python, and JSON for automation and data parsing.
  • Solid understanding of networking and firewall fundamentals, including how monitoring tools interact across segmented architectures.
  • Familiarity with Palo Alto Networks firewalls and their logging capabilities (useful for correlating user activity across layers).
  • Strong analytical and problem-solving skills; ability to make data-driven recommendations.
  • Excellent written and verbal communication skills, particularly in conveying technical insights to leadership.
  • Must be able to obtain and maintain a Public Trust. Contract requirement.

FACTORS TO HELP YOU SHINE (Required Skills)

These skills will help you succeed in this position:

  • Demonstrated experience deploying and managing User Activity Monitoring (UAM) solutions in production.
  • Ability to make decisions based upon analysis of documentation.
  • Experience with endpoint monitoring tools, SIEM/SOAR integrations, and identity-based risk scoring.
  • Working knowledge of DLP, EDR, or behavioral analytics platforms in support of insider threat detection.
  • Experience working in a classified environment and delivering briefings in SCIF settings.
  • Understanding of NIST 800-53 as it relates to Insider Threat Programs.

HOW TO STAND OUT FROM THE CROWD (Desired Skills)

Showcase your knowledge of modern development through the following experience or skills:

  • Experience with federal regulatory requirements and compliance standards related to cybersecurity.
  • Knowledge of programming, Splunk automation, and network and firewall operations.
  • Familiarity with security tools and technologies used for threat detection and analysis.
  • Security certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are a plus.

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams and contribute to our communities. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business. Every position we take is more rewarding when you know the why behind it. Know your work makes a difference to support those who need it most. If your passion is enabling life-changing service to those around you, this is the place for you. Find your passion in a team environment where all members are valued regardless of contractor or employee status. We are excited for you to take your place in our Leidos Family.

Are you a US citizen, US resident, or Visa candidate and think you might fit? We recommend you apply and start the conversation today! Join us in supporting our SSA contracts in Woodlawn, Maryland.


Come break things (in a good way). Then build them smarter.

We're the tech company everyone calls when things get weird. We don’t wear capes (they’re a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for “how it’s always been done.”

Original Posting:

August 4, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$85,150.00 - $153,925.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.