Insider Threat Analyst

About the position

The Insider Threat Analyst is responsible for detecting, investigating, and mitigating insider threats that pose risks to NIWC CSSP networks and subscriber environments. This role involves user activity monitoring (UAM), behavioral analytics, risk assessments, and coordination with counterintelligence and law enforcement teams to prevent data breaches, unauthorized disclosures, and sabotage by trusted insiders. The analyst will work with security teams to ensure that insider threat monitoring is effective and compliant with relevant policies.

Responsibilities

• Develop and implement an Insider Threat Program to identify, deter, and mitigate insider risks.
• Monitor and analyze user behavior on classified and unclassified government networks for suspicious activities.
• Utilize User Activity Monitoring (UAM) tools such as Splunk, Forcepoint, Ekran System, and SIEM solutions to detect anomalies.
• Correlate security logs, behavioral analytics, and access patterns to identify indicators of potential insider threats.
• Investigate data exfiltration attempts, unauthorized access, and privilege abuse to prevent intellectual property theft or espionage.
• Conduct risk assessments on personnel, contractors, and third-party vendors to identify individuals with access to sensitive data.
• Coordinate with HR, legal, counterintelligence, and law enforcement agencies to investigate insider incidents.
• Analyze social engineering tactics, policy violations, and suspicious financial activity as part of insider threat investigations.
• Develop and conduct Insider Threat Awareness Training for employees and security teams.
• Maintain compliance with CNSSD 504, DoDD 5205.16, and other DoD insider threat policies.
• Compile detailed reports and risk assessments for senior leadership and cybersecurity teams.
• Ensure separation of duties and accountability in insider threat monitoring and response.
• Document lessons learned and contribute to process improvements for insider threat detection and mitigation.

Requirements

• High School Diploma or GED; Experience: Two (2) years of practical experience demonstrating competency in Cybersecurity or related experience.
• Clearance Requirement: Secret / Top Secret SCI
• Certification Requirements: 8570 Compliant IAT 2 or 3
• High School Diploma or GED; Experience: Two (3) years of practical experience demonstrating competency in Cybersecurity or related experience.
• Clearance Requirement: Secret / Top Secret SCI
• Certification Requirements: 8570 Compliant IAT 2 or 3 and meet one of subsequent DoD 8140 manual of CND Auditor, CND Analyst, CNDSP Manager, CND Incident Responder, CND Infrastructure Support, IASAE I or IASAE II
• 5+ years with a Bachelor's degree or 7+ years with HS/GED in Cybersecurity or related experience.
• Clearance Requirement: Secret / Top Secret SCI
• Certification Requirements: 8570 Compliant IAT 2 or 3 and meet one of subsequent DoD 8140 manual of CND Auditor, CND Analyst, CNDSP Manager, CND Incident Responder, CND Infrastructure Support, IASAE I or IASAE II

Benefits

• 401K plan with company match
• medical insurance
• dental insurance
• vision insurance
• life insurance
• AD&D insurance
• flexible spending account
• disability insurance
• paid time off
• flexible work schedule
• professional training and development