Information Assurance/ Insider Threat (InT) Analyst/UAM Expansion Surge (UAM/HUB) (Program Analyst)
Minimum Qualifications Summary

Required Experience
The contractor shall possess a Certified Information Systems Security Professional (CISSP) certification and/or a Security+ certification at no cost to the government. The contractor shall possess, or shall be in a position to obtain within six (6) months after contract award, certifications demonstrating mastery of Information Assurance Technical (IAT) and/or Information Assurance Management (IAM) Level III, as well as Computer Environment (CE) knowledge and skills, at no cost to the government.

Organization Supported
The Deputy Chief of Naval Operations, Information Warfare (DCNO N2N6I SI) requires management support services to facilitate Warfighting, Manpower and Business transformation initiatives. The services are for strategic, operational and tactical level support regarding current and future Requirements Generation/Capability Development; Programmatic, Budgeting and Cost-Control; and Strategic Governance and Policy initiatives.

Lukos is recruiting for personnel to support the Deputy Chief of Naval Operations (DCNO) N2N6I organization with subject matter expertise for the Insider Threat Program (InTP) and the Navy's Insider Threat (InT) mission to prevent, detect, deter and mitigate the risk to Navy personnel and damage to Navy resources, information, and systems from potentially malicious witting or unwitting insiders.

Job Objective
The purpose of this requirement is to study, analyze, advise, research and develop deliverables that advance the detection, deterrence and mitigation of insider threat activity in the Department of the Navy (DoN), while safeguarding National Security, service information and data on both Navy and civilian contractor information systems, through the application of knowledge and resources in achieving the Navy's mission requirements defined herein. The focus of the services required under this task order is divided into two types: Executive Level, including short-term projects, special studies, strategic analysis support, and high-level briefings; and Basic Level, including analytical, technical, financial management support, programmatic support, data collection, policy review, process research and ad hoc tasks as applicable.

Responsibilities
- Collect, and subsequently conduct analysis of, information received from deployed agents on the Insight Anomaly Detection System (IADS).
- Assist in the development and management of Insider Threat Detection Programs.
- Perform in one or more of the following areas: IA, cyber threat analysis, incident response, intrusion detection, network/computer forensics, data loss prevention technologies, enterprise audit analysis, and/or automated Audit/Anomaly Threat Detection technology.
- Conduct information technology audits, incident responses, and/or network monitoring at the Enterprise level, to include the use of security tools to conduct such work.
- Assist in the development and implementation of cyber, IA, security, and insider threat collection, analysis, and production tradecraft.
- Assist in the integration and analysis of multiple relevant security data sources.
- Assist in generating analysis reports and briefing other team members and/or senior management on the analytical findings.
- Utilize writing skills for the development of Tactics, Techniques, and Procedures (TTP) and supporting documentation.
- Use their knowledge of and experience in the use of security information and event management tools (e.g., HP ArcSight and McAfee ePO Host Based Security System).
- Conduct security audit scans on the software and hardware in performance of assigned duties.
- Serve as a member of a Government-led Insider Threat Fusion Cell Analysis Team, with a focus on Information Assurance (IA)/Computer Network Defense (CND) and Security.
- Fulfill the requirements of DoDD 8570.01-M, IA Workforce Improvement Program.
- Provide training on use of the Government Audit/Anomaly Threat Detection technology.
- Receive automated user activity monitoring/audit data and alerts from sensors deployed on the Navy's classified and unclassified SCI networks and conduct initial analysis, response and feedback on the audit data collected to detect cyber and insider threats.
- Provide to the Government tracking metrics captured on a daily, weekly, and monthly basis:
  - Event alert types;
  - Number of automated audit event alerts received from deployed sensors;
  - Number of false positive audit event alerts received from deployed sensors;
  - The false positive to audit event alert ratio based on events received from deployed sensors;
  - Number of events reviewed per analyst;
  - Number of inquiries, based on events received, forwarded to IA staff for review;
  - Number of inquiries, based on events received, forwarded to CI entities for review.
- Perform analyses of audit data and alerts to identify anomalous/suspicious activity, possible policy or security violations and the individuals responsible, other network or systemic risks presenting an avoidable opportunity for a malicious insider to exploit, and potential insider threats. When needed, the contractor shall document and forward findings to the Government Reviewer for further action. The contractor shall provide final analysis and assessment results to the Government and assist the Government in resolving identified discrepancies.
- Coordinate with applicable points of contact from Personnel Security, CI, LE, IA, Inspector General (IG), Human Resources (HR), and other necessary Mission Business Owners (MBO) to resolve audit alerts as required by documented standard operating procedures for monitoring, detection, response, and reporting activities.
- Collaborate with pillar leads of IA, Security, and CI/LE to develop dashboards, filters, and audit policy triggers for audit capabilities and assist in regular trigger refinement based on the analysis of evolving anomaly event activity across the Navy SCI and SIPR networks.
- Support Government Team Leads by engaging with other organizational elements (e.g., CI, Security, CND, IA) to remain aware of known Advanced Persistent Threats (APT), the evolution of cyber security and insider threat technology and methodology, and other related focus areas that could impact operational mission objectives.
- Work with other team members and departments of the organization to conduct security scans, implement Standard Technical Installation Guides (STIGs) and manual test procedures, and test and document results pertaining to the security posture of the system for ATO efforts.
- Evaluate existing system policies, modify policies to achieve program objectives, and/or develop new policies.
- Capture, document, develop and provide a Lessons Learned document for the program. The document, at a minimum, shall include: technical/programmatic gaps, successes and failures identified in the pilot, and recommended solutions, to include cost estimates for technical and manpower resources, addressing items identified in the pilot and identifying a path forward to establish Initial Operating Capabilities (IOC) and potential deployment across the Naval Intelligence Enterprise.
- Assist in the development of business processes and workflows (technical or functional), SOPs, and documentation. Unless otherwise directed, the contractor shall use the Government-supplied format.
- Assist in the development of: supporting concepts of operations; response and reporting processes and procedures for status (non-critical) and referral (critical) events with appropriate authorities (e.g., Security, IA, CI/LE, IG, HR).
- Employ, under Government direction, current best practices and state-of-the-art cyber, IA, security, and insider threat TTP.
- Serve as a subject matter expert, participating in meetings, working groups, system demonstrations, and conferences as needed.
- Provide briefings and presentation materials, conference or meeting materials, technical memoranda, and administrative reports in support of this Task Order.
- Provide the Government with a copy of all documentation developed in support of the Task Order.
- Conduct the required support and respond to tasks within an amount of time agreed upon by the contractor and the Government Lead.
- Work with multiple organizations within the Navy responsible for systems control, integration, testing, security, and maintenance, as well as appropriate privacy and legal authorities and external partners.
- Provide a weekly status report to the Government Team Leads, which shall, at a minimum, include:
  - Work performed during the week, including accomplishments;
  - Plan for work to be performed during the following week;
  - Identification and discussion of any risks or issues pertaining to assigned tasks and their associated deliverable target dates.
  The report shall be provided in the standard format provided by the Government.

Security Clearance
The highest level of security required for this requirement is TOP SECRET/SCI and SI/TK/G/HCS as necessary to work within a SCIF. Access to the Joint Worldwide Intelligence Communications System (JWICS) is required.

Work Location
The place of performance will primarily be at the Government's facilities in the Washington DC metropolitan area (National Capital Region/NCR), to include Northern Virginia (Pentagon) and Southern Maryland (Office of Naval Intelligence/ONI).

About Lukos
Lukos delivers professional services to the Department of Defense. Lukos has been one of the most successful and most diversified support companies for US Special Operations Command and its components for over a decade. Since our founding, we have grown to support all military services and multiple federal civilian agencies.

About Our Name
Lukos is ancient Greek for "wolf". The characteristics of the wolf match our approach to national security. The wolf is known for cunning, aggression, patience, and teamwork. An individual wolf is smart, strong, and resilient, but the true strength of wolves is their ability to work together as a wolfpack. Kipling said it best in The Law of the Jungle: "For the strength of the pack is the wolf, and the strength of the wolf is the pack."

Lukos is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability, or national origin.