(589) Insider Threat Program Analyst

Position Description:
This position is responsible for supporting National Oceanic and Atmospheric Administration’s (NOAA's) Internal Risk Management Program (IRMP) by designing, implementing, and maintaining comprehensive insider threat detection and mitigation capabilities. The Insider Threat Program Analyst will develop and operationalize policies, systems, and practices to detect, deter, and respond to potential insider threats within NOAA's workforce, including government employees, contractors, and uniformed services. The ideal candidate will have expertise in security data analysis, risk assessment, and collaboration with internal and external stakeholders to ensure the protection of sensitive information, systems, and assets. This role requires strong analytical skills and the ability to identify behavioral indicators of insider threats while maintaining compliance with privacy regulations and ethical standards.

Location:  Hybrid (Silver Spring, MD)


Clearance:  Active TS/SCI

Responsibilities and/or Success Factors: Program Support and Internal Risk Operations

• Support development and implementation of a comprehensive Internal Risk Management Program (IRMP) that detects, deters, and responds to insider threats across NOAA’s workforce, including employees, contractors, and uniformed personnel. 
• Assist with crafting and maintaining internal risk/insider threat policies, procedures, and governance artifacts; ensure alignment with federal directives and NOAA policy. Data Integration and Analytics 
• Consolidate and analyze security data from multiple sources (e.g., cybersecurity telemetry/SIEM, User Access Management (UAM), Human Resources (HR), physical access, case management, and lawful external data) into a cohesive risk picture that provides actionable insights to leadership. 
• Develop analytic methods and behavioral indicators; produce dashboards and routine analytical products to inform risk prioritization and mitigation activities. 
• Monitor system integration performance and data quality; recommend improvements to achieve target integration milestones and performance metrics. Case Management and Incident Response 
• Execute insider threat reporting and response procedures; triage, document, and track matters in the IRMP HUB case management tools; coordinate formal referrals and follow-up actions.
• Support insider threat incident investigations, response, and mitigation; document timelines, actions, lessons learned, and protocol adjustments. 
• Meet timeliness standards for incident documentation and reporting (e.g., initial reporting within three business days) and ensure evidence handling aligns with applicable policy. Training, Awareness, and Culture 
• Develop and deliver insider threat and internal risk training and awareness content; assess training effectiveness via post-training surveys and performance metrics. 
• Drive adoption of best practices to embed a proactive, ethical, and privacy-aware internal risk culture across NOAA; tailor content to roles and mission contexts. 
• Maintain training artifacts and schedules; recommend continuous improvement actions based on feedback and outcomes. Research Security and Compliance (NSPM-33) 
• Support development and implementation of research security protocols and compliance measures to protect sensitive research and deter foreign interference. 
• Assist with assessments, gap analyses, and corrective action planning to achieve and sustain compliance with NSPM-33 and related standards. Collaboration and Stakeholder Engagement • Coordinate with internal stakeholders (e.g., Cybersecurity Division, HR, Legal/Privacy/Civil Liberties, Research Security, Security Management) and external partners (e.g., NITTF, SEI CERT). 
• Document stakeholder engagements, action items, and outcomes; track completion and effectiveness. Reporting and Deliverable Execution 
• Develop and maintain program artifacts and deliverables, which may include: Risk Mitigation Strategy documents; Research Security Compliance Reports; Training & Awareness Program Reports; Insider Threat Detection System Status Reports; Incident Response and Mitigation Reports; Risk Management dashboards/tools updated at least weekly; Policy and SOP updates; Stakeholder Engagement Reports; and annual/final program evaluations. 
• Ensure products are accurate, clear, Section 508 compliant, and aligned to acceptance criteria and performance standards. Risk Management and Continuous Improvement 
• Identify, track, and mitigate program and operational risks, including integration, privacy, and workforce continuity risks; propose practical workarounds and improvements. 
• Support development and maintenance of dependencies, milestones, resource plans, and tracking mechanisms to keep the roadmap on schedule. Security, Privacy, and Ethics Compliance 
• Adhere to NISPOM, Privacy Act, CUI handling, civil liberties protections, and NOAA security policies; safeguard CNSI and CUI per contract requirements. 
• Maintain required security training and certifications

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Top Secret security clearance with SCI eligibility (SCI access preferred); ability to maintain eligibility throughout performance 
• Bachelor’s degree in cybersecurity, information systems, intelligence/counterintelligence, behavioral science, criminology, data analytics, or a related field; equivalent experience may be considered 
• Five (5) or more years of experience in insider threat, internal risk, counterintelligence, security operations, or cyber analytics within federal, defense, or research environments 
• Demonstrated experience consolidating and analyzing multi-source security data (e.g., SIEM/UAM/HR/physical access); proficiency with dashboards and analytics (e.g., Smartsheet, Tableau, Power BI, Google Workspace) 
• Hands-on experience with insider threat/IRMP case management, incident response, and formal referral processes; strong documentation and chain-of-custody practices 
• Knowledge of and experience applying NITTF Minimum Standards, EO 13587, NSPM-33, NISPOM, FISMA, NIST standards (e.g., SP 800-53, 800-171), and CUI handling requirements 
• Experience developing and delivering training and awareness programs; ability to measure training effectiveness and drive continuous improvement 
• Strong written and oral communication skills; demonstrated ability to brief leadership and produce high-quality, timely reports and deliverables 
• Proven ability to collaborate with cross-functional stakeholders (Cybersecurity, HR, Legal/Privacy, Research Security, Security Management) and external partners (e.g., NITTF, SEI CERT) 
• Commitment to privacy, civil liberties, ethics, and Section 508 compliance in all program artifacts

Desired Qualifications: 

• NITTF Insider Threat Program personnel training/certification 
• Relevant professional certifications (e.g., CISSP, Security+, CEH, GCIH, GCFE, CISM, CCSP) 
• Experience supporting research security and NSPM-33 implementation within a federal research environment
• Experience with User and Entity Behavior Analytics/User Activity Monitoring (UEBA/UAM) solutions, SIEM platforms (e.g., Splunk), and case management systems; familiarity with SIPRNet/secure enclaves 
• Data analytics skills (e.g., SQL, Python) and experience building automated dashboards and metrics 
• Familiarity with CMU SEI CERT insider threat best practices and NOAA mission context 
• Experience producing program roadmaps, risk registers, and accepted program documentation under federal QASP/QASP-like surveillance