Insider Threat Analyst

Agile DefenseWashington, DC
$110,000 - $135,000

About The Position

The Insider Threat Analyst supports the Insider Threat Program Detection and Prevention (ITPDP) effort, performing day-to-day detection, analysis, and triage of potential insider threat activity under the direction of the Senior Insider Threat Analyst. The analyst monitors and investigates alerts across multiple enterprise applications, distinguishing genuine insider threat incidents from false positives, and documents findings in accordance with established procedures. Working within an established program, the analyst applies both the technical and human dimensions of insider threat analysis while ensuring activities are conducted in accordance with applicable federal insider threat guidelines and with careful attention to employee privacy and civil liberties.

Requirements

  • U.S. citizenship and ability to receive and maintain a security clearance at the Tier 5 level or higher.
  • BS or BA degree, or additional related experience in lieu of a degree.
  • Approximately 6 years of combined experience across cybersecurity, security operations, investigations, or insider threat analysis.
  • Hands-on experience with one or more enterprise insider threat, DLP, SIEM, or UEBA/UAM tools (e.g., Splunk, DTEX, Proofpoint/ObserveIT, Microsoft Purview, Exabeam, or similar).
  • Demonstrated ability to analyze logs and dashboards to differentiate real incidents from false positives.
  • Working knowledge of Windows, Unix, and Linux environments and common insider threat indicators and behaviors.
  • Familiarity with log analysis, event correlation, and basic investigative techniques, including awareness of digital forensics concepts.
  • Understanding of the legal and ethical requirements of an insider threat program as they relate to privacy and civil liberties.
  • Strong written communication for documenting findings, and the ability to work under the direction of senior analysts within an established program.
  • Ability to obtain the Counter-Insider Threat Fundamentals Certification if required.

Responsibilities

  • Monitor and analyze logs and alerts from multiple applications via dashboards and other means to determine whether activity represents an actual insider threat incident or a false positive.
  • Triage and investigate potential insider threat indicators, escalating confirmed or ambiguous incidents to the Senior Insider Threat Analyst as appropriate.
  • Support the configuration, tuning, and troubleshooting of application triggers used for insider threat detection in an enterprise environment.
  • Assist with the deployment, operation, and maintenance of enterprise tools supporting insider threat detection.
  • Document findings, produce clear analytical write-ups, and maintain case records in accordance with established reporting procedures.
  • Correlate data across multiple sources to build a complete picture of potential insider threat activity.
  • Support the development and refinement of workflows, playbooks, and program documentation.
  • Conduct all activities in a manner that protects employee privacy and civil liberties and meets the legal requirements of an insider threat program.
  • Coordinate with SOC, investigative, and other stakeholders as directed to support program objectives.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service