Insider Threat Monitoring Lead

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

SOSi is seeking highly qualified Insider Threat Monitoring Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.

Leads insider-threat detection and user activity monitoring; integrates behavioral analytics and investigative workflows to identify and mitigate internal risks to CBP systems and data.

• Conduct user activity monitoring and behavioral analysis to detect insider threats.
• Correlate endpoint, network, and identity data to identify anomalous behavior.
• Support investigative workflows in coordination with forensics, CI, and OPR stakeholders.
• Develop insider-threat dashboards, alerts, and analytic use cases.
• Provide reporting and briefings on insider-threat trends and incidents.

• Experience: 8+ years supporting insider threat, user activity monitoring, or behavioral analytics in SOC or CI environments.
• Tools: Insider-threat platforms, UEBA, SIEM, DLP, EDR, and case management systems.
• Certifications: CISSP, GCIH, GCFA, or insider-threat–related certification preferred.
• Clearance: TS, SCI-eligible.

• Normal office conditions with potential to perform duties in various CONUS locations.
• Core hours of operation are Monday through Friday, 0600 – 1700.
• May be requested to work evenings and weekends to meet program and contract needs.

All interested individuals will receive consideration and will not be discriminated against for any reason.