Cyber Investigation Analyst - OTA
ExternalPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
Responsibilities
- Support the Cyber Threat Investigations & Analysis Division (CTAD) in conducting end-to-end insider threat and cyber investigations leveraging User Activity Monitoring (UAM) tools and data.
- Collect, analyze, and interpret log data to detect anomalous user behavior, policy violations, and potential insider threats across enterprise systems.
- Develop and refine detection rules, alerts, and behavioral baselines to improve threat detection capabilities.
- Conduct forensic analysis of user activity logs, endpoint telemetry, and network data to support investigations and produce actionable intelligence.
- Communicate complex investigative findings to both technical and non-technical stakeholders, including senior management.
- Collaborate with legal, HR, and security teams to ensure investigations are conducted in accordance with applicable laws, policies, and Department guidelines.
- Author detailed investigation reports, bulletins, and advisories documenting findings.
- Promote awareness of insider threat indicators and UAM best practices among customer stakeholders, coworkers, and Department users.
- Respond to escalated security incidents and provide expert guidance on user activity-related threat vectors.
- Conduct all aspects of case management for active inquiries to include case documentation, investigative records, digital artifacts, SharePoint repositories, and data storage management.
- Provide guidance and mentorship to junior team members on investigative techniques and tool usage.
- Stay current on emerging insider threat tactics, techniques, and procedures (TTPs) and incorporate findings into detection strategies.
- Required Qualifications:
- A Bachelor's degree and 5 years of experience. An additional 4 years of experience may be substituted in lieu of the bachelors degree requirement.
- Minimum of 2 years of experience in in cybersecurity, digital forensics, or cyber investigations.
- Must either possess and maintain, or obtain prior to start date, one of the following professional certifications:
- CISSP-ISSAP; CISSP-ISSEP; CISSP; Security+ CE; CySA+; PPDA; Agile IC; SNOW App Dev
- Experience conducting insider threat or cyber misconduct investigations in an enterprise environment.
- Experience analyzing large datasets of user activity, log data, and endpoint telemetry.
- Strong analytical, problem-solving, and decision-making skills to support complex, sensitive investigations.
- Excellent written and verbal communication skills, including experience producing formal investigative reports.
- Must possess strong time management skills and the ability to complete assigned tasks with minimal supervision.
- U.S. citizenship required.
- Active Top Secret security clearance.
- Ability to obtain a final Top Secret/SCI security clearance
Requirements
- Experience with insider threat programs and familiarity with the National Insider Threat Policy.
- Familiarity with SIEM platforms (e.g., Splunk, Microsoft Sentinel) for correlating UAM data with broader security telemetry.
- Experience with digital forensics tools (e.g., EnCase, FTK, Magnet AXIOM).
- Knowledge of Active Directory and Azure AD for user account analysis.
- Experience working in a government or federal law enforcement investigative environment.
- Technical writing skills and experience producing materials for senior leadership audiences.
- Familiarity with chain of custody procedures, and eDiscovery processes.
- Experience with behavioral analytics platforms or UEBA (User and Entity Behavior Analytics) tools.
Benefits
Additional Information
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively - anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results. This is a contingent position based upon customer approval. SkyePoint Decisions is seeking a Cyber Investigation Analyst to support the Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective, and secure business processes. This position is located in Arlington, VA and will be onsite 5 days a week. No hybrid/telework allowed.
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at skyepointdecisionsinc? Share your experience