Cyber Investigations Analyst - OTA / Active Top Secret

About The Position

Requirements

• A Bachelor’s degree and 5 years of experience. An additional 4 years of experience may be substituted in lieu of the bachelors degree requirement.
• Minimum of 2 years experience in cybersecurity, digital forensics, or cyber investigations.
• Must either possess and maintain, or obtain prior to start date, one of the following professional certifications: CISSP-ISSAP; CISSP-ISSEP; CISSP; Security+ CE; CySA+; PPDA; Agile IC; SNOW App Dev
• Experience conducting insider threat or cyber misconduct investigations in an enterprise environment.
• Experience analyzing large datasets of user activity, log data, and endpoint telemetry.
• Strong analytical, problem-solving, and decision-making skills to support complex, sensitive investigations.
• Excellent written and verbal communication skills, including experience producing formal investigative reports.
• Must possess strong time management skills and the ability to complete assigned tasks with minimal supervision.
• U.S. citizenship required.
• Active Top Secret security clearance.
• Ability to obtain a final Top Secret/SCI security clearance.

Nice To Haves

• Experience with insider threat programs and familiarity with the National Insider Threat Policy.
• Familiarity with SIEM platforms (e.g., Splunk, Microsoft Sentinel) for correlating UAM data with broader security telemetry.
• Experience with digital forensics tools (e.g., EnCase, FTK, Magnet AXIOM).
• Knowledge of Active Directory and Azure AD for user account analysis.
• Experience working in a government or federal law enforcement investigative environment.
• Technical writing skills and experience producing materials for senior leadership audiences.
• Familiarity with chain of custody procedures, and eDiscovery processes.
• Experience with behavioral analytics platforms or UEBA (User and Entity Behavior Analytics) tools.

Responsibilities

• Support the Cyber Threat Investigations & Analysis Division (CTAD) in conducting end-to-end insider threat and cyber investigations leveraging User Activity Monitoring (UAM) tools and data.
• Collect, analyze, and interpret log data to detect anomalous user behavior, policy violations, and potential insider threats across enterprise systems.
• Develop and refine detection rules, alerts, and behavioral baselines to improve threat detection capabilities.
• Conduct forensic analysis of user activity logs, endpoint telemetry, and network data to support investigations and produce actionable intelligence.
• Communicate complex investigative findings to both technical and non-technical stakeholders, including senior management.
• Collaborate with legal, HR, and security teams to ensure investigations are conducted in accordance with applicable laws, policies, and Department guidelines.
• Author detailed investigation reports, bulletins, and advisories documenting findings.
• Promote awareness of insider threat indicators and UAM best practices among customer stakeholders, coworkers, and Department users.
• Respond to escalated security incidents and provide expert guidance on user activity-related threat vectors.
• Manage case documentation and investigative records in SharePoint repositories.
• Provide guidance and mentorship to junior team members on investigative techniques and tool usage.
• Stay current on emerging insider threat tactics, techniques, and procedures (TTPs) and incorporate findings into detection strategies.

Benefits

• Overtime
• Shift differential
• Discretionary bonus