Insider Threat Analyst - 642

About The Position

Requirements

• Bachelor's degree minimum
• Minimum 5+ years of experience in insider threat analysis or a related cybersecurity discipline
• Minimum 5+ years’ experience with DTEX or similar insider threat monitoring platforms
• Due to Contractual requirements, must be a U.S. Person defined as, U.S. citizen permanent resident or green card holder, workers granted asylum or refugee status
• Due to national security requirements imposed by the U.S. Government, candidates for this position must not be a People's Republic of China national or Russian national unless the candidate is also a U.S. citizen.

Nice To Haves

• Bachelor's degree in Cybersecurity, Computer Science, Criminal Justice, a related field or equivalent experience
• Demonstrated experience conducting investigations involving data theft, fraud, or policy violations
• Hands-on experience with Microsoft Purview (Insider Risk Management, DLP, Information Protection) and Microsoft Entra ID
• Experience with UEBA platforms (e.g., Securonix, Exabeam, Microsoft Sentinel) and DLP solutions
• Proficiency with SIEM platforms, log analysis, and query languages (e.g., Splunk SPL, KQL, SQL)
• Experience drafting security procedures, playbooks, and technical documentation
• Excellent written and verbal communication skills, including the ability to present technical findings to non-technical audiences
• Counterintelligence experience, particularly in technology protection, economic espionage, or protecting proprietary information and trade secrets
• Background in identifying and mitigating threats from foreign intelligence services, competitors, or other adversaries targeting intellectual property
• Experience contributing to insider threat program development and maturation
• Familiarity with behavioral psychology, social engineering tactics, and human-centered security approaches

Responsibilities

• Review, triage, and prioritize alerting from DTEX, Microsoft Purview, and other monitoring platforms
• Develop, tune, and optimize insider threat detection use cases across UEBA, DLP, SIEM, and endpoint monitoring platforms
• Monitor and analyze DTEX telemetry to identify high-risk user behaviors and potential data exfiltration activities
• Leverage Microsoft Purview for data loss prevention, information protection, and insider risk management capabilities
• Utilize Microsoft Entra ID for identity analytics, access reviews, and monitoring privileged account activity
• Conduct behavioral analysis to identify anomalous patterns indicative of data exfiltration, fraud, sabotage, or policy violations
• Perform proactive threat hunting to discover previously undetected insider risks and develop corresponding detection mechanisms
• Analyze technical indicators alongside contextual information such as HR events, travel data, and organizational changes to assess risk holistically
• Conduct investigations of insider threat incidents, from initial triage through remediation
• Coordinate with Legal, HR, and external law enforcement as required during sensitive investigations
• Prepare detailed investigation reports and briefings for leadership
• Create, maintain, and update insider threat playbooks and response procedures to ensure consistent and effective incident handling
• Contribute to insider threat program strategy and maturity roadmap
• Develop and maintain insider threat metrics, KPIs, and dashboards to measure program effectiveness
• Manage and deliver insider threat awareness training for employees, managers, and security teams
• Stay current on insider threat trends, TTPs, and emerging technologies; recommend program enhancements accordingly

Benefits

• Flexible work schedule
• Employer subsidized health, dental, and vision insurance
• 401(k) match for student loan repayment benefit
• Equity, 401k retirement savings plan + 12 Paid holidays and generous vacation + sick time
• Paid parental leave
• Employee discounts