Skip Navigation

Insider Threat Careers

Current Openings:

Description: Insider Threat Analyst-Investigator

Position Location: Multiple Remote


ITMG, LLC is the leading insider risk management firm focused solely on helping organizations ensure a trusted workforce by providing a range of insider risk management services including – strategic advising, insider risk assessments, program development, training, and analytic support. ITMG’s insider threat experts comprise the largest network of insider risk management practitioners in the world and include dozens of former Intelligence Community senior cyber security and insider risk management professionals. Our experts are pioneers in insider risk management and have served with numerous agencies including the FBI, DoD, DNI as well as several large corporations. Our vast network of bona fide insider threat professionals is located throughout the country, with an extended network in several countries including the UK, Australia, and Singapore. Our network includes experts in all insider threat disciplines including program development, governance, data management, user monitoring, data governance, identity and access management, training, investigation, privacy, incident response, compliance, behavioral psychology, and law.


ITMG is seeking high performing individuals to support the development and management of our clients’ Insider Threat Management Programs. Each client is a market leading Fortune 500 company.

The Insider Threat Analyst-Investigator shall conduct technical analysis and investigations of user activity data and alerts to identify indicators of insider threats. In addition to producing investigative leads, Analyst-Investigators are expected to review data in support of security inquiries and investigations. Analyst-Investigators shall compile results of analyses into reports or products that are concise, accurate, and timely and be capable of presenting the results to team members and management as required. Analyst-Investigators shall triage insider threat alerts by correlating insider threat data with other data sources to determine potential indications of malicious or risky insider activity. Analyst-Investigators shall work with cross-functional team members to refine alerts based on triage results and current events. Analyst-Investigators shall also contribute to the development of processes and procedures to support the continued improvement of the Insider Threat Management Program. We’re seeking high character, self-motivated, and results-oriented professionals who thrive in a high-impact, high-reward environment for this full-time position.


Overall Responsibilities and Duties

Analysis and Assessment. Conduct all-source analysis, cyber analysis, and investigative analysis. Coordinate the application of insider risk models and assign risk levels for insiders. Access and integrate information from client’s network monitoring tools and other data analytics tools and sources to decipher underlying trends or uncover anomalies and discern obscure patterns and attributes.

Data Triage. Conduct triage of anomalous events collected by approved User Activity Monitoring (UAM), Data Loss Prevention (DLP), User Behavior and Entity Analytics (UEBA), Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) and other client network and endpoint monitoring tools. Experience with Securonix, Digital Guardian, Demisto, Devo, Proofpoint, Netskope, or other UAM, DLP, UEBA, SIEM, and SOAR tools a plus. Elevate and investigate anomalous events of concern.

Insider Threat Investigations. Support insider threat investigation according to requirements in the established policies and procedures. Document findings in written reports.

Analytic Case Support. Conduct case support to client’s insider threat activities and requirements pursuant to investigations, administrative or security inquiries, security risk assessments, or other adjudicative assessments.

Briefings and Reports. Prepare and present analysis, in the form of briefings and reports. Briefings and reports must be free from style and grammatical errors, shall address all investigative and analytical findings, and be suitable for publication to client stakeholders.

Training. Plan, create, and deliver training on insider risk management to employees and contractors.


Minimum Requirements 

Positive Mental Attitude. Apply a “can do” attitude to each project and task.

Desire. Strive to deliver the best possible service to the client, at all times.

Persistence. Complete tasks in a timely manner, overcoming adversity, learning from mistakes, and achieving goals regardless of the challenge.

Vision. Anticipate problems and provide workable solutions.

Enthusiasm. Approach each day and task with energy and genuine interest in helping the client manage insider risk.

Integrity. Possess the character to “do the right thing,” regardless of the situation.

Specialized Knowledge and Experience:

  • Experience with analytical problem solving and familiarity with conducting operations relating to insider threat, counterintelligence investigations, or counterespionage.
  • Familiarity with data analytics tools used for insider threat information collection on computer networks or knowledge of other insider threat risk scoring data analytics tools and programs.
  • Must possess superior writing and briefing skills.
  • Understanding of insider threat analysis, user activity data, and DLP data.
  • Experience with the modus operandi of insider threat and associated capabilities and motivations.
  • Experience in support of government or large corporate Insider Threat Programs.
  • Demonstrated ability using insider threat monitoring and analytical tools and technologies, including DLP, UEBA, and UAM.
  • Ability to create a baseline and sustained metrics program.
  • Strong presentation skills and ability to express ideas verbally and in writing to a variety of audience level, including senior security, corporate management and large audiences.
  • Ability to design, plan, and deliver effective training programs.

Our Values: 

Everything we do at ITMG is guided by our values.

Experience. At ITMG, we believe that “an opinion is only worth the experience that supports it.” Our employees are bona fide insider risk professionals who are continuously learning and developing their expertise.

Character. We seek employees who always “do the right thing,” regardless of the situation or circumstance. Our goal is to continuously deliver the highest quality of service to the client.

Going the Extra Mile. We strive to exceed our client’s expectations. Our focus is on developing lasting relationships based on the confidence that ITMG will do more than what is expected.

ITMG is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, disability, age (40 or older), genetic information (including family medical history) or protected Veteran status.