Insider Threat Analyst (Active Secret Security Clearance Required)

Description

Shift: Standard; On-site

Pay Range: Based on Experience

Ryan Consulting Group, Inc. is seeking an experienced Insider Threat Analyst to support the Insider Threat Program through continuous monitoring, investigation, and enhancement of detection capabilities. The ideal candidate will possess a strong background in insider threat detection, hands-on experience with UAM tools such as ForcePoint, and a thorough understanding of DoD and federal cybersecurity regulations. This role requires analytical expertise, the ability to correlate diverse threat indicators, and the skills to develop actionable insights that safeguard sensitive information across a dynamic, high-security environment.

Key responsibilities include:

• Perform continuous User Activity Monitoring (UAM) using government-approved tools to detect and report indicators of insider threat.
• Assist in the proactive identification of new collection methodologies for the Insider Threat Program.
• Execute and maintain Insider Threat Program Standard Operating Procedures (SOPs).
• Develop Tactics, Techniques, and Procedures (TTPs) to identify insider threats and brief team members on emerging risks.
• Coordinate regularly with the Cybersecurity Service Provider (CSSP) to monitor alerts for potential insider threats.
• Conduct insider threat inquiries in accordance with established scoping documents and intake procedures, ensuring all information is usable for potential disciplinary or legal actions.
• Maintain a secure and up-to-date tracking system for insider threat inquiries, including new, active, completed, and archived cases.
• Archive completed inquiries and associated documentation in accordance with DoD and federal data retention policies.
• Maintain and update an Insider Threat Indicators of Compromise (IOC) list, incorporating relevant indicators from both internal and DoD sources.
• For each IOC, develop a reference document that includes:
  • Indicator number and name
  • Description and associated behaviors
  • Cyber activity and artifacts
  • Detection recommendations
  • Attribution methods
  • Risk assessment
  • Reporting thresholds

Requirements

• Hands-on experience working with UAM tools, including ForcePoint.
• Demonstrated expertise in insider threat detection, analysis, and investigation across large enterprises.
• Strong understanding of insider threat operations, frameworks, and current threat landscape.
• Deep knowledge of cybersecurity regulations, policies, and best practices.
• Ability to collect, analyze, and correlate disparate data to develop actionable threat insights.
• Experience developing insider threat use cases and writing complex security event correlation rules.
• Proven ability to collaborate with cross-functional stakeholders and maintain sensitive data handling protocols.
• Experience designing and implementing detection rules based on insider threat tradecraft.
• Familiarity with DOD Insider Threat Program standards and recordkeeping.

One of the following IAT Level II certifications:

• Security+ CE
• GSEC
• SSCP
• CySA+
• CCNA Security
• GICSP

PLUS, one of the following:

• CEH
• CFR
• CCNA Cyber Ops
• GCIA
• GCIH
• Cloud+
• SCYBER
• PenTest+

Statements

Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group, Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Ryan Consulting Group, Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process, please contact [email protected].

Drug-Free Workplace Statement

Ryan Consulting Group, Inc. is committed to maintaining a drug-free workplace, in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.

Pay Transparency Statement

Ryan Consulting Group, Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.