Insider Threat Analyst

DEFTEC Corporation


Job Location:

Redstone Arsenal, AL - USA

Monthly Salary: Not Disclosed
Posted on: 21 hours ago
Vacancies: 1 Vacancy

Job Summary

Insider Threat Analyst

DEFTEC delivers mission-critical solutions through skillfully delivered services and innovative products. We are inspired by our clients' critical missions and driven to provide the most effective solutions to execute their missions' operational challenges and requirements. Our dedicated, experienced, and talented employees work closely with our clients to ensure the delivery of exceptional services and products.

POSITION OVERVIEW

The Federal Bureau of Investigation (FBI) is charged with protecting and defending the United States against terrorist and foreign intelligence threats, enforcing the criminal laws of the United States, and providing leadership and criminal justice services to federal, state, municipal, and international agencies and partners. In 2011, Executive Order 13587 directed all agencies operating or accessing classified computer networks to safeguard classified information and establish insider threat detection programs. The FBI's Insider Threat Office (InTO) serves as the central coordinating component for all insider threat issues, with a mission to detect, deter, and mitigate risks originating from within the organization. This position provides critical analytical support to InTO by conducting research, analysis, and reporting that directly contribute to safeguarding FBI personnel, systems, and information from insider risks.

JOB RESPONSIBILITIES:

  • Research, fuse, and analyze large, disparate datasets to identify insider-threat trends/indicators and assess COAs, using SQL/Python for large-set manipulation and automation and producing decision-quality visuals in Power BI/Tableau and Excel (macros/VBA).
  • Conduct insider-threat monitoring across UAM/DLP/UBA/SIEM; triage alerts and perform log analysis in Splunk and Microsoft Sentinel; develop repeatable detections leveraging KQL/SPL and automation in Python/Excel VBA.
  • Build and tune data pipelines, queries, and automations aligned to InTO SOPs with minimal re-work (SQL/Python, Splunk saved searches/alerts, Sentinel analytics rules, Power BI dataflows).
  • Utilize Microsoft Purview, Defender, and Sentinel; Azure services; and tools such as Everfox, Digital Guardian, and Forcepoint to detect, investigate, and respond to data-loss and misuse events.
  • Access classified and open-source systems; collect, organize, and format data per InTO SOPs; manage secure processing/transmittal/storage while applying configuration and privilege management best practices.
  • Compare and fuse multi-source reporting (FBI HQ, field offices, partner agencies) to find correlations, discrepancies, and gaps; generate and triage leads/alerts using Splunk dashboards, Sentinel workbooks, and Power BI.
  • Develop and prototype analytics (queries, programs, algorithms) for large-scale analysis using SQL/Python and Azure; perform statistical analysis/data exploration and optimize datasets for strategic program support.
  • Produce clear, concise analytic products (reports, briefs, charts, tables, and graphs) in Power BI/Tableau/Excel; present findings and recommendations to stakeholders.
  • Perform DLP functions and insider-risk investigations using Purview/Defender, Digital Guardian, Forcepoint, and Splunk/Sentinel; identify inappropriate/unauthorized activity, associations, or communications.
  • Provide technical/operational support for data and case requests; create Splunk searches, Sentinel queries, and Excel/Power BI views to accelerate discovery and response.
  • Execute QC of analytic processes/products (query validation, dashboard accuracy, SOP compliance) across Splunk/Sentinel/Power BI; prioritize multiple projects effectively.
  • (ITMU role) Mentor/QA less-senior analysts; set detection standards; lead prototype analytics; and mature enterprise use of the Microsoft security stack (Purview/Defender/Sentinel/Azure), Splunk, Power BI, and automation with SQL/Python/Excel VBA.

Required Qualifications

  • Active TS/SCI clearance.
  • Education/Experience: Bachelor's degree, or an additional 4 years of directly related experience (totaling 8 years) in lieu of a degree.
  • Experience: Minimum 4 years performing administrative, analytical, and research functions in national-security or operational-security environments.
  • Productivity & Tools: Proficiency with Microsoft Office (Outlook, Word, PowerPoint, Excel) and Google Chrome; ability to navigate multiple browser windows/tabs and copy/paste across applications.
  • Communication: Excellent interpersonal skills; proven ability to brief and collaborate with diverse stakeholders.
  • Analytic Communication: Demonstrated skill in oral presentations and in writing reports that explain methods and results of mathematical/quantitative analysis to non-technical audiences.

Preferred Qualifications

  • Data & Scripting: Strong SQL and Python for large-dataset manipulation, automation, and ETL; working knowledge of KQL (Microsoft Sentinel/Log Analytics) and SPL (Splunk).
  • SIEM & Logging: Splunk hands-on (data onboarding/normalization, dashboards, alerts; ES/CIM mappings).
  • Microsoft Security Stack: Microsoft Sentinel (analytic rules, workbooks, UEBA, automation/Logic Apps), Microsoft Defender (Endpoint/Identity/Email), and Microsoft Purview (DLP policies, sensitivity labels, insider-risk controls).
  • Cloud & Telemetry: Azure familiarity (Log Analytics/Kusto, Azure Monitor, Data Explorer; basic Data Factory/orchestration) supporting pipelines and playbooks.
  • DLP/Insider Risk: Experience with Digital Guardian, Forcepoint, Everfox (policy creation/tuning, incident triage).
  • Visualization: Power BI (DAX, Power Query) and/or Tableau (calculated fields, LOD) to deliver decision-quality visuals.
  • Advanced Excel: Power Query/Pivot and VBA/macros for repeatable analysis and workflow automation.
  • Engineering for InTO SOPs: History of building/tuning pipelines, queries, and dashboards aligned to government/InTO formats with minimal re-work and strong QC.
  • Domain Depth: Familiarity with UAM, DLP, UBA, SIEM, and Windows/M365/network logs; ability to craft repeatable detection methods.

DEFTEC offers a comprehensive whole-life benefits package that includes medical, dental, vision, holidays, paid time off, 401K with a match, life insurance, short/long-term disability, and educational reimbursement. The DEFTEC team comprises professionals who make a difference daily in crucial national security missions. Our leadership knows that this happens by employing a diverse team that is well cared for. Our top priority is our employees, making DEFTEC an ideal workplace.

Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. Please get in touch with if you require reasonable accommodations.

DEFTEC is a Drug-Free Workplace where post-offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies.

AAP/EEO Statement

DEFTEC Corp is an Equal Opportunity and Affirmative Action Employer and prohibits discrimination and harassment of any type based on actual or perceived race, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, and medical conditions related to pregnancy, childbirth, or breastfeeding), gender, gender identity and gender expression, religious creed, disability (mental and physical) including HIV and AIDS, medical condition (cancer and genetic characteristics), genetic information, age, marital status, civil union status, sexual orientation, military and veteran status, denial of family and medical care leave, arrest record, and/or any other characteristic(s) protected by federal, state, or local law.

This policy applies to all terms of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, training, compensation, benefits, employee activities, and general treatment during employment.

Other Duties

Please note that this job description is not designed to cover or contain a comprehensive listing of the activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.


Required Experience:

IC


Key Skills

  • ArcGIS
  • Intelligence Community Experience
  • GIS
  • Python
  • Computer Networking
  • Data Collection
  • Intelligence Experience
  • R
  • Relational Databases
  • Analysis Skills
  • Data Management
  • Application Development