Insider Threat Monitoring Lead

**This position is contingent upon contract award**

SOSi is seeking highly qualified Insider Threat Monitoring Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.

Job Description

Leads insider-threat detection and user activity monitoring; integrates behavioral analytics and investigative workflows to identify and mitigate internal risks to CBP systems and data.

Responsibilities

• Conduct user activity monitoring and behavioral analysis to detect insider threats.
• Correlate endpoint, network, and identity data to identify anomalous behavior.
• Support investigative workflows in coordination with forensics, CI, and OPR stakeholders.
• Develop insider-threat dashboards, alerts, and analytic use cases.
• Provide reporting and briefings on insider-threat trends and incidents.

Qualifications

• Experience: 8+ years supporting insider threat, user activity monitoring, or behavioral analytics in SOC or CI environments.
• Tools: Insider-threat platforms, UEBA, SIEM, DLP, EDR, and case management systems.
• Certifications: CISSP, GCIH, GCFA, or insider-threat–related certification preferred.
• Clearance: TS, SCI-eligible.

Additional Information

Work Environment

• Normal office conditions with potential to perform duties in various CONUS locations.
• Core hours of operation are Monday through Friday, 0600 – 1700.
• May be requested to work evenings and weekends to meet program and contract needs.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.