Insider Threat Analyst

Agile Defense

$110K — $135K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • U.S. citizenship with the ability to obtain Tier 5 security clearance.
  • Bachelor's degree or equivalent experience in related fields.
  • Approximately 6 years of experience in cybersecurity or related fields.
  • Hands-on experience with insider threat detection tools (e.g., Splunk, Exabeam).
  • Proven ability to analyze logs and distinguish genuine threats from false positives.
  • Familiarity with Windows, Unix, and Linux environments.
  • Strong written communication skills for documentation purposes.

Responsibilities

  • Monitor alerts from applications to assess insider threat incidents.
  • Triage and investigate potential indicators of insider threats.
  • Support configuration and troubleshooting of detection triggers.
  • Assist in the deployment and maintenance of detection tools.
  • Document findings and maintain case records as per procedures.
  • Correlate data from multiple sources to identify insider threat activity.
  • Refine workflows and program documentation under established guidelines.

Benefits

  • Engagement with a dedicated Insider Threat Program.
  • Opportunity to work with advanced detection tools and technologies.
  • Collaboration with various teams, including SOC and investigative departments.
  • Professional growth in an emerging field with significant importance.
  • Enhanced skills through on-the-job training and continued education opportunities.
Full Job Description
DESCRIPTION
The Insider Threat Analyst supports the Insider Threat Program Detection and Prevention (ITPDP) effort, performing day-to-day detection, analysis, and triage of potential insider threat activity under the direction of the Senior Insider Threat Analyst. The analyst monitors and investigates alerts across multiple enterprise applications, distinguishing genuine insider threat incidents from false positives, and documents findings in accordance with established procedures. Working within an established program, the analyst applies both the technical and human dimensions of insider threat analysis while ensuring activities are conducted in accordance with applicable federal insider threat guidelines and with careful attention to employee privacy and civil liberties.ESSENTIAL FUNCTIONS
• Monitor and analyze logs and alerts from multiple applications via dashboards and other means to determine whether activity represents an actual insider threat incident or a false positive.
• Triage and investigate potential insider threat indicators, escalating confirmed or ambiguous incidents to the Senior Insider Threat Analyst as appropriate.
• Support the configuration, tuning, and troubleshooting of application triggers used for insider threat detection in an enterprise environment.
• Assist with the deployment, operation, and maintenance of enterprise tools supporting insider threat detection.
• Document findings, produce clear analytical write-ups, and maintain case records in accordance with established reporting procedures.
• Correlate data across multiple sources to build a complete picture of potential insider threat activity.
• Support the development and refinement of workflows, playbooks, and program documentation.
• Conduct all activities in a manner that protects employee privacy and civil liberties and meets the legal requirements of an insider threat program.
• Coordinate with SOC, investigative, and other stakeholders as directed to support program objectives.
QUALIFICATIONS
• U.S. citizenship and ability to receive and maintain a security clearance at the Tier 5 level or higher.
• BS or BA degree, or additional related experience in lieu of a degree.
• Approximately 6 years of combined experience across cybersecurity, security operations, investigations, or insider threat analysis.
• Hands-on experience with one or more enterprise insider threat, DLP, SIEM, or UEBA/UAM tools (e.g., Splunk, DTEX, Proofpoint/ObserveIT, Microsoft Purview, Exabeam, or similar).
• Demonstrated ability to analyze logs and dashboards to differentiate real incidents from false positives.
• Working knowledge of Windows, Unix, and Linux environments and common insider threat indicators and behaviors.
• Familiarity with log analysis, event correlation, and basic investigative techniques, including awareness of digital forensics concepts.
• Understanding of the legal and ethical requirements of an insider threat program as they relate to privacy and civil liberties.
• Strong written communication for documenting findings, and the ability to work under the direction of senior analysts within an established program.
• Ability to obtain the Counter-Insider Threat Fundamentals Certification if required.

$110,000 - $135,000 a year

Similar Jobs

More Jobs at Agile Defense

More Information Technology Jobs

Find similar Insider Threat Analyst jobs: