Cyber Intel Analyst - Insider Threat - Data Science/Analytics

Key Skills

Java Programming, Python Programming, C Programming, SQL, PowerBI, Machine learning techniques, Natural Language Processing (NLP), PyTorch, TensorFlow, Splunk, PowerShell Programming

Job Description

COVID-19 continues to significantly impact our employees, families and communities. With employee health and safety as our top priority, and as a federal contractor, Lockheed Martin is taking action to address the increased risk and uncertainty COVID-19 variants pose in the workplace and ensuring we meet our commitments to national security.

To uphold safety for all employees, we will continue to request vaccination status for all Lockheed Martin employees including new hires. All current and newly hired employees are required to follow onsite safety measures based upon the COVID-19 Community Level at the specific work location.

Description:This Lockheed Martin (LM) Cyber Intelligence Analyst Sr Stf position will report to the Computer Incident Response Team (CIRT) Insider Threat Team Manager within Corporate Information Security (CIS). The position will be required to obtain and maintain a DOD clearance, as well as the ability to adhere to the highest standards of ethics and professional conduct. This is a highly hands-on technical role and candidates must be comfortable working in a dynamic and fast-paced operational environment, which occasionally can require the flexibility to work off hours.

This role utilizes expertise in data analytics of various operating system, network, and security infrastructure logs to identify potential insider threats within the organization. The position is responsible for developing new detections leveraging statistical analysis and machine learning, integrating those detections into an existing framework. In addition, the position would be focused on advancing the existing framework to incorporate prediction machine learning models and striving for autonomous decision making. This position relies on in-depth knowledge of Splunk’s Machine Learning Toolkit, and utilization of built in statistical anomaly detection. The role will work with various teams within the organization when additional logging is needed and provide detections supporting the Insider Threat missions.

Primary responsibilities include, but are not limited to, the following:

• Sustainment and maintenance of machine learning models, detections, and baselines supporting the Insider Threat mission.
• Development of additional data sets and baselines that further advance framework leveraged by the Insider Threat team.
• Development of machine learning models to further advance capabilities within broader Lockheed Martin CIRT.
• Development and advancements of detections leveraged by framework to build out risk awareness within the corporation.
• Development of integrations between coding platforms to support Insider Threat mission.
• Collaborating with the Security organization to understand business and program priorities and creating high fidelity indicators that protect those interests
• Maintaining awareness of and involvement in Enterprise-level initiatives and understanding how the products and procedures will impact insider threat visibility and detection
• We are looking for candidates with a strong work ethic, capable of learning quickly, and operating independently. Candidates must have good communication skills and have experience in forensic analysis and insider threat detection. Domain knowledge and experience in cyber security trade craft is also welcomed.

Basic Qualifications:

• Demonstrated experience and proficiency with Splunk, to include creation of custom content (i.e. Reports, Dashboards, Alerts)
• Demonstrated experience utilizing Splunk Applications (Machine Learning Toolkit, Enterprise Security, SOAR, Natural Language Processing)
• Demonstrated experience building scripts and detections utilizing different programming languages (Python, SPL, YARA, Powershell, etc.)
• Demonstrated experience with Python modules related to machine learning (i.e. scikit-learn)
• Unix/Linux environment command line experience
• Strong verbal and written communication skills. Candidate must be able to effectively convey ideas to customers, senior management, team members, and other people throughout the company as a Subject Matter Expert
• Ability to obtain and maintain appropriate DOD security clearance

Desired Skills:

• Demonstrated effective organizational, technical, customer service, and teaming skills
• Demonstrated problem solving skills and self-starter work style
• Demonstrated use machine learning software libraries such as Tensorflow, PyTorch, etc.
• Demonstrated experience in computer forensic, incident response, or insider threat analysis
• Demonstrated experience with computer forensic tools (EnCase, AXIOM, Cellebrite, Intella, FTK, SANS SIFT, etc.)
• Work experience in any of the following areas is a plus: intelligence analysis, system administration, information assurance, or network security/architecture
• Conceptual understanding of the Lockheed Martin Cyber Kill Chain and Intelligence Driven Response
• Hold one or more certifications, such as:
• Splunk (e.g. Certified Power User), CISSP, SANS GIAC (e.g. GSEC), CFCE, CCFE, ENCE, or ACE