• Serve as cyber and technical advisor to Director MS/Cl
• Serve as a member of the lnTh Program Team, assisting with the identification of ODNI networks, workstations, applications and standalone technology requiring User Activity Monitoring (UAM) installation or evaluation.
• Research and develop analytic products, policies, and procedures and provide structured recommendations and innovative solutions focused on Cyber Cl and lnTh Program processes.
• Coordinate with relevant offices to review reported security, Cl, and/or information technology security management support issues for potential lnTh concerns.
• Participate in meetings, providing suggestions and recommendations to increase the Cl and IT security posture of the ITP activities being discussed.
• Identify critical information and communications technology (ICT) assets, evaluate their vulnerabilities, recommend mitigation strategies, and develop techniques, tools, policies, and procedures.
• Analyze logs and other technical information submitted to the ITP Audit Working Group from ODNI components, to include forensic triage/evaluations of unknown and suspicious media. Evaluate, document, and refer or follow up on reports of suspected lnTh issues, suspicious incidents, Cl leads, and security or ISSM violations or incidents as assigned by Director MS/Cl.
• Address and complete other ad hoc deliverables within the scope of the CASES 11 IDIQ SOW in order to assist the ITP Audit Working Group with meeting i its mission, goals, and obligations.
• Manage and coordinate the preparation of technical analysis, correspondence, briefing books, and other products focused on strategies and solutions regarding lnTh issues and prepare substantive reports for senior managers and planners.
• Participate in special projects within the scope of the CASES 11 IDIQ SOW as required.
• Minimum of a Bachelor's degree.
• Certified Information Systems Security Professional, Certified Information Systems Manager, and GIAC Certified Forensics Analyst certifications.
• A minimum of fifteen (15) years of Cl experience.
• A minimum of ten (10) years of experience working with Government classified systems security.
• Minimum of five (5) years of experience as an ISSM or ISSO at a Federal level agency or department.
• Demonstrated experience in at least four of the following Information Security disciplines: Network Security, Computer Forensics, Physical Security, Government Computer Systems, Firewall/Router Management, Security Project Management or Network Vulnerability Analysis.
• Demonstrated knowledge of exploits, attacks and tools used by skilled hackers, extensive knowledge of lnTh detection triggers, monitoring technology and other mitigation strategies, and extensive knowledge of lnTh program technical management in accordance with the NITTF Insider Threat Program Guide.
• Familiarity with multiple operating systems to include but not limited to: Windows 2000/2003/XP/7, UNIX, Linux, Solaris, etc.
• Familiarity with secure implementations will include at a minimum: VPNS, encryption technologies, IPSEC, V-LANS, Wireless and Cloud technologies.
• Thorough understanding of the federal rules and regulations that encompass the SCI and collateral security process.
• Experience conducting technical training and briefings.
• TS/SCI CI poly
• Experience with lnTh Investigations and/or Inquiries.
• Experience with lnTh UAM.
• Extensive lnTh Program and Cl Program assessment and management experience.
• Extensive Cl and All Source Analytic experience.
• Experience with Key Information Sharing & Safeguarding Indicator (KISSI) reporting, NITTF Program Assessment preparation, NCSC Mission Review reporting, ODNI Instruction 117.05, ODNI lnTh Program, and HBSS.
• Experience with Cloud architecture, migration, and application management.
• Experience with database development and design in a classified environment.
• Experience with NITTF lnTh Assessments preparation, management and support.
• Experience with DARMA and ODN1 C&A workflows and procedures.
• Extensive knowledge and experience with the Security and Cl Reporting System (SCOR).