AOUSC - Insider Threat Program Lead in Washington, District of Columbia at cFocus Software Incorporated

Position Title
Insider Threat Program Lead
Position Overview
The Insider Threat Lead will design, mature, and oversee insider threat detection, analysis, and investigative support capabilities for a federal enterprise environment. The Lead will integrate user activity monitoring, behavioral analytics, threat intelligence, and investigative workflows to identify and mitigate malicious, negligent, or compromised insider activity.
The ideal candidate possesses experience supporting insider threat programs within federal, intelligence community, law enforcement, or highly regulated environments.
Key Responsibilities

• Lead insider threat operations, analytics, and investigative support activities.
• Develop insider threat detection methodologies and behavioral analytics use cases.
• Coordinate with SOC, CTI, HR, legal, counterintelligence, and security stakeholders.
• Develop insider threat monitoring strategies leveraging:
  • UEBA,
  • SIEM,
  • EDR,
  • DLP,
  • and identity telemetry.
• Lead investigations involving:
  • data exfiltration,
  • privilege misuse,
  • anomalous behavior,
  • credential abuse,
  • and policy violations.
• Develop insider threat reporting, escalation, and case management procedures.
• Conduct threat assessments and risk-based prioritization.
• Support development of insider threat dashboards, metrics, and executive briefings.
• Assist with policy development, governance, and workforce awareness initiatives.
• Participate in oral presentations and technical solution development.

Required Qualifications

• 10+ years of cybersecurity, counterintelligence, investigations, or insider threat experience.
• 5+ years supporting insider threat or behavioral analytics programs.
• Experience supporting federal agencies or classified environments.
• Experience with:
  • UEBA platforms,
  • SIEM analytics,
  • DLP,
  • identity analytics,
  • and investigative workflows.
• Knowledge of:
  • NIST insider threat guidance,
  • behavioral analytics,
  • digital forensics,
  • and investigative methodologies.
• Strong briefing and stakeholder coordination skills.

Preferred Certifications

• CISSP
• CISM
• GCFE
• GCFA
• CIPP
• Insider Threat Program Manager certifications
• Behavioral analytics or fraud investigation certifications