Insider Threat Operations Center (ITOC) Analyst

Sentar is proud to be an employee-owned company, fostering a culture of empowerment, collaboration, and innovation. Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the team where you can build, innovate, and secure your career.

Sentar is seeking an Insider Threat Operations Center (ITOC) Analyst!

Role Description:

The Insider Threat Operations Center (ITOC) Analyst / Technical Lead supports enterprise Insider Threat programs by conducting technical analysis of user activity data and alerts to identify indicators of malicious, negligent, or risky insider behavior. This role supports civil, workplace, counterintelligence, and law enforcement inquiries and investigations while ensuring protection of legal rights, civil liberties, and privacy.

At the Analyst level, the role focuses on alert triage, behavioral analysis, reporting, and investigative support. At the Technical Lead level, the role provides operational leadership, quality control, prioritization, stakeholder coordination, and strategic oversight of Insider Threat operations.

This position works closely with Defensive Cyber Operations (DCO) teams, Operations Watch Officers, subscriber Insider Threat Program Managers, and U.S. Government partners to ensure effective, compliant, and mission-aligned Insider Threat detection and response..

Duties and Responsibilities
Common Responsibilities (All Levels)

• Conduct technical analysis of user activity data and alerts to identify potential insider threat indicators
• Triage alerts by correlating insider threat data with additional data sources to assess risk and intent
• Develop hypotheses and perform behavioral analysis using available tools and datasets
• Support directed requests in support of civil, workplace, counterintelligence, or law enforcement investigations
• Incorporate complex data flows and contextual information into analysis and investigative assessments
• Produce concise, accurate, and timely analytical reports for Insider Threat stakeholders and leadership
• Present analytical findings to team members and management in a clear, actionable manner
• Refine alerts based on triage results, current threat activity, and operational feedback
• Contribute to development and improvement of Insider Threat processes, procedures, and documentation
• Collaborate with Operations Watch Officers and analysts to support investigations, campaigns, and events

Required Skills

• Strong understanding of insider threat analysis and user activity monitoring
• Experience analyzing host-based data and behavioral indicators
• Ability to synthesize complex data into clear analytical conclusions
• Strong written and verbal communication skills
• Ability to operate with discretion and sound judgment in sensitive investigative environments
• Ability to work independently and collaboratively in a team environment

Desired Skills

• Bachelor’s degree from an accredited institution
• One (1) or more years of scripting or programming experience within the last three (3) years, including languages such as PowerShell, Python, Ruby, Shell/Bash, Java, C/C++, C#, Perl, or PL/SQL
• Knowledge of data science techniques such as anomaly detection and machine learning
• Expert-level understanding of insider threat indicators, user activity data, and behavioral analysis
• Familiarity with foreign intelligence entity tactics, techniques, and procedures
• Experience working in multi-tenant or service provider environments
• Experience supporting Department of Defense or Intelligence Community Insider Threat programs

Qualifications:

Clearance Level:

• Minimum of a Secret Clearance, with ability to obtain Top Secret/Sensitive Compartmented Information (TS/SCI)

Experience:

• Analyst: Minimum of three (3) years of experience supporting Department of Defense or Intelligence Community Insider Threat programs
• Subject matter expertise with Executive Order 13587, Director of National Intelligence National Counterintelligence and Security Center Insider Threat Task Force standards, and Department of Defense Insider Threat regulations and guidance (Technical Lead level)

Certifications:

• Department of Defense (DoD) 8570 Information Assurance Technical Level II

Minimum qualifications:

• U.S. Citizenship required.
• Demonstrated experience leading or overseeing insider threat operations.
• Knowledge of user activity monitoring, host-based data analysis, and alert triage.
• Strong analytical, leadership, and communication skills.

Travel:

• Up to 10% travel may be required

Preferred Qualifications:

• Minimum of one year of scripting or programming experience in PowerShell, Ruby, Python, Shell/BASH, Java, C/C++, C#, Perl, PL/SQL, or other related languages within the last three years.
• Knowledge of data science techniques such as anomaly detection and machine learning.
• Expert-level understanding of insider threat analysis, user activity data, and host-based data analysis.
• Experience with the modus operandi of foreign intelligence entities, international threat organizations, and associated cyber capabilities and operations.
• Bachelor’s Degree from an accredited university.

Highly desired

• Experience in support of Department of Defense (DoD) or Intelligence Community (IC) Insider Threat programs and subject matter expertise in:
  • Executive Order (E.O.) 13587
  • Director of National Intelligence (DNI) National Counterintelligence and Security Center (NCSC) Insider Threat Task Force Standards
  • DoD regulations and guidance regarding Insider Threat
• Experience working in a multi-tenant or service provider environment

Benefits at Sentar:

Our unique ownership model attracts top talent, giving employees the freedom to take initiative and drive meaningful improvements. In addition to cultivating a thriving and inclusive work environment, Sentar offers an extensive benefits package designed to support the well-being of employees and their families. Employee ownership is the foundation of our culture, promoting participation, teamwork, and accountability while ensuring long-term financial security and a commitment to excellence.

• Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options
• Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options
• Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees
• Generous 401(k) match
• Competitive PTO plan that graduates quickly with years of service
• Other leave programs; holiday schedule along with bereavement, maternity, jury and military duty
• Mental health awareness programs
• Tuition reimbursement
• Professional development reimbursement
• Recognition and Awards programs

If you are not ready to apply for this position, submit your resume here to join our talent community . We'll keep you updated occasionally on new job opportunities.

Sentar is an Affirmative Action and Equal Opportunity Employer M/F/Vets/Persons with Disabilities

Our culture is one of inclusivity and support. Sentar is proudly an Equal Opportunity and VEVRAA Federal Contractor Employer M/F/Vets/Persons with Disabilities. Follow these links to learn more about your rights: EEO Is the Law Poster ; EEO Is Law Supplement ; and Pay Transparency .

We want you to build your career at Sentar, so if you are an individual with a disability and require a reasonable workplace accommodation applying for a job or at any point in the employment process, contact the Recruiting Manager at recruiting@sentar.com . Please indicate the specifics of the assistance needed. Thank you for considering Sentar in your employment search.

Build, Innovate, Secure Your Career at Sentar.