Insider Threat Analyst
Job Description
DEFTEC delivers mission-critical solutions through skillfully delivered services and innovative products. We are inspired by our clients' critical missions and driven to provide the most effective solutions to execute their missions, operational challenges, and requirements. Our dedicated, experienced, and talented employees work closely with our clients to ensure the delivery of exceptional services and products.
POSITION OVERVIEW
The Federal Bureau of Investigation (FBI) is charged with protecting and defending the United States against terrorist and foreign intelligence threats, enforcing the criminal laws of the United States, and providing leadership and criminal justice services to federal, state, municipal, and international partners. In 2011, Executive Order 13587 directed all agencies operating or accessing classified computer networks to safeguard classified information and establish insider threat detection programs. The FBI's Insider Threat Office (InTO) serves as the central coordinating component for all insider threat issues, with a mission to detect, deter, and mitigate risks originating from within the organization. This position provides critical analytical support to InTO by conducting research, analysis, and reporting that directly contribute to safeguarding FBI personnel, systems, and information from insider risks.
JOB RESPONSIBILITIES:
- Research, fuse, and analyze large, disparate datasets to identify insider-threat trends/indicators and assess COAs, using SQL/Python for large-set manipulation and automation, and producing decision-quality visuals in Power BI/Tableau and Excel (macros/VBA).
- Conduct insider-threat monitoring across UAM/DLP/UBA/SIEM; triage alerts and perform log analysis in Splunk and Microsoft Sentinel; develop repeatable detections leveraging KQL/SPL and automation in Python/Excel VBA.
- Build and tune data pipelines, queries, and automations aligned to InTO SOPs with minimal re-work (SQL/Python, Splunk saved searches/alerts, Sentinel analytics rules, Power BI dataflows).
- Utilize Microsoft Purview, Defender, and Sentinel; Azure services; and tools such as Everfox, Digital Guardian, and Forcepoint to detect, investigate, and respond to data-loss and misuse events.
- Access classified and open-source systems; collect, organize, and format data per InTO SOPs; manage secure processing/transmittal/storage while applying configuration and privilege management best practices.
- Compare and fuse multi-source reporting (FBI HQ, field offices, partner agencies) to find correlations, discrepancies, and gaps; generate and triage leads/alerts using Splunk dashboards, Sentinel workbooks, and Power BI.
- Develop and prototype analytics (queries, programs, algorithms) for large-scale analysis using SQL/Python and Azure; perform statistical analysis/data exploration and optimize datasets for strategic program support.
- Produce clear, concise analytic products, reports, briefs, charts, tables, and graphs, in Power BI/Tableau/Excel; present findings and recommendations to stakeholders.
- Perform DLP functions and insider-risk investigations using Purview/Defender, Digital Guardian, Forcepoint, and Splunk/Sentinel; identify inappropriate/unauthorized activity, associations, or communications.
- Provide technical/operational support for data and case requests; create Splunk searches, Sentinel queries, and Excel/Power BI views to accelerate discovery and response.
- Execute QC of analytic processes/products (query validation, dashboard accuracy, SOP compliance) across Splunk/Sentinel/Power BI; prioritize multiple projects effectively.
- (ITMU role) Mentor/QA less-senior analysts; set detection standards; lead prototype analytics; and mature enterprise use of the Microsoft security stack (Purview/Defender/Sentinel/Azure), Splunk, Power BI, and automation with SQL/Python/Excel VBA.
Required Qualifications
- Active TS/SCI clearance.
- Education/Experience: Bachelor's degree; or an additional 4 years of directly related experience (totaling 8+ years) in lieu of a degree.
- Experience: Minimum 4 years performing administrative, analytical, and research functions in national-security or operational-security environments.
- Productivity & Tools: Proficiency with Microsoft Office (Outlook, Word, PowerPoint, Excel) and Google Chrome; ability to navigate multiple browser windows/tabs, and copy/paste across applications.
- Communication: Excellent interpersonal skills; proven ability to brief and collaborate with diverse stakeholders.
- Analytic Communication: Demonstrated skill in oral presentations and in writing reports that explain methods and results of mathematical/quantitative analysis to non-technical audiences.
Preferred Qualifications
- Data & Scripting: Strong SQL and Python for large-dataset manipulation, automation, and ETL; working knowledge of KQL (Microsoft Sentinel/Log Analytics) and SPL (Splunk).
- SIEM & Logging: Splunk hands-on (data onboarding/normalization, dashboards, alerts; ES/CIM mappings).
- Microsoft Security Stack: Microsoft Sentinel (analytic rules, workbooks, UEBA, automation/Logic Apps), Microsoft Defender (Endpoint/Identity/Email), and Microsoft Purview (DLP policies, sensitivity labels, insider-risk controls).
- Cloud & Telemetry: Azure familiarity (Log Analytics/Kusto, Azure Monitor, Data Explorer; basic Data Factory/orchestration) supporting pipelines and playbooks.
- DLP/Insider Risk: Experience with Digital Guardian, Forcepoint, Everfox (policy creation/tuning, incident triage).
- Visualization: Power BI (DAX, Power Query) and/or Tableau (calculated fields, LOD) to deliver decision-quality visuals.
- Advanced Excel: Power Query/Pivot and VBA/macros for repeatable analysis and workflow automation.
- Engineering for InTO SOPs: History of building/tuning pipelines, queries, and dashboards aligned to government/InTO formats with minimal re-work and strong QC.
- Domain Depth: Familiarity with UAM, DLP, UBA, SIEM, and Windows/M365/network logs; ability to craft repeatable detection methods.
DEFTEC offers a comprehensive whole-life benefits package that includes medical, dental, vision, holiday, paid time off, 401K with a match, life insurance, short/long-term disability, and educational reimbursement. The DEFTEC team comprises professionals who make a difference daily in crucial national security missions. Our leadership knows that this happens by employing a diverse team that is well cared for. Our top priority is our employees, making DEFTEC an ideal workplace.
Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. Please get in touch with [email protected] if you require reasonable accommodations.
DEFTEC is a Drug-Free Workplace where post-offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies.
AAP/EEO Statement
DEFTEC Corp is an Equal Opportunity and Affirmative Action Employer and prohibits discrimination and harassment of any type based on actual or perceived race, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, and gender expression, religious creed, disability (mental and physical) including HIV and AIDS, medical condition (cancer and genetic characteristics), genetic information, age, marital status, civil union status, sexual orientation, military and veteran status, denial of family and medical care leave, arrest record and/or any other characteristic(s) protected by federal, state or local law.
This policy applies to all terms of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, training, compensation, benefits, employee activities, and general treatment during employment.
Other Duties
Please note that this job description is not designed to cover or contain a comprehensive listing of the activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time, with or without notice.
Job Posted by ApplicantPro