Insider Threat Monitoring Lead

Company Description

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

** This position is contingent upon contract award**

SOSi is seeking highly qualified Insider Threat Monitoring Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.

Leads insider-threat detection and user activity monitoring; integrates behavioral analytics and investigative workflows to identify and mitigate internal risks to CBP systems and data.

• Conduct user activity monitoring and behavioral analysis to detect insider threats.
• Correlate endpoint, network, and identity data to identify anomalous behavior.
• Support investigative workflows in coordination with forensics, CI, and OPR stakeholders.
• Develop insider-threat dashboards, alerts, and analytic use cases.
• Provide reporting and briefings on insider-threat trends and incidents.

• Experience: 8+ years supporting insider threat, user activity monitoring, or behavioral analytics in SOC or CI environments.
• Tools: Insider-threat platforms, UEBA, SIEM, DLP, EDR, and case management systems.
• Certifications: CISSP, GCIH, GCFA, or insider-threat-related certification preferred.
• Clearance: TS, SCI-eligible.

• Normal office conditions with potential to perform duties in various CONUS locations.
• Core hours of operation are Monday through Friday, 0600 – 1700.
• May be requested to work evenings and weekends to meet program and contract needs.

All interested individuals will receive consideration and will not be discriminated against for any reason.