Cyber Insider Threat Analyst

What You Will Do

Are you an insider threat professional? Are you interested in joining a dedicated team of counterintelligence and insider threat professionals helping to safeguard Los Alamos National Laboratory (LANL)? If you answered "Yes" to these questions, we invite you to learn more about our opening for a Cyber Insider Threat Analyst 3. The seasoned Cyber Insider Threat (CIT) Analyst assists in conducting counterintelligence and CIT analysis to assess threats to LANL and national security posed by covert or overt activities of LANL personnel or foreign entities, domestic violent extremists, and international terrorists.

• Evaluate technical cyber intelligence and complex structured and unstructured data to identify foreign and domestic cyber threats targeting DOE personnel, technologies, and networks.
• Provide cyber expertise on CI and CIT investigations and operations with a particular emphasis on digital forensics.
• Draft and finalize reports of findings of CIT concern.
• Review classified and unclassified reporting, correlate with local and Cyber Intelligence/Insider Threat Center data, and identify indicators of foreign or domestic targeting or activity.
• Support the development and application of cyber tools and best practices to strengthen the counterintelligence and insider threat mission.
• Analyze classified and unclassified information technology systems to identify vulnerabilities and intrusion indicators of CI and IT concern; collaborate and share information with LANL cyber security teams, inter‑agency partners, OCI components, the LANL Field Intelligence Element (FIE), and other LANL personnel.
• Collect, triage, and conduct forensic examinations of digital media in accordance with forensic best practices.

• Cyber Insider Threat Experience – Extensive experience and familiarity with insider threat community policy (e.g., EO 13587, DOE O 470.5A).
• Advanced Persistent Threat – Advanced technical knowledge of classic and contemporary cyber threats and vulnerabilities.
• Forensics – Demonstrated experience with network system forensics, packet capture analysis, and enterprise‑level incident response and host forensics.
• Information Technology – Advanced knowledge of Windows and Linux workstation/server management, current network technology, protocols, infrastructure, applications, services, and related protocols; advanced knowledge of distributed systems, architectures, and software.
• Briefings/Presentations – Demonstrated experience presenting intelligence/insider threat briefings to decision makers at all levels.
• Interpersonal Skills – Ability to foster teamwork and interact professionally across LANL, DOE IN, DOE Counterintelligence and Insider Threat Field Offices, and liaison partners; strong literary skills and clarity of speech.
• Education/Experience – Bachelor’s degree and a minimum of eight years of related experience, or an equivalent combination of education and experience (postgraduate coursework desirable).

• DOE Insider Threat – Familiarity with the DOE Insider Threat Program and possession of insider threat professional certifications (mandatory upon joining OCI).
• DOE Counterintelligence – Familiarity with the DOE Counterintelligence/Counter terrorism Program and knowledge of foreign intelligence service methods.
• US Intelligence Community Experience – Extensive experience and familiarity with seminal intelligence community policy (e.g., EO 12333, PDD 61) and knowledge of US intelligence and counterintelligence organizations and roles.
• Derivative Classifier Certification – Bonus; mandatory upon joining OCI.
• Foreign Language – Proficiency in a critical foreign language is advantageous.
• Clearance – Possession of an active Q clearance and SCI accesses preferred; ability to obtain these clearances expeditiously upon hire.

The work location for this position is onsite and located in Los Alamos, NM. All work locations are at the discretion of management.

Regular appointment employees are required to serve a period of continuous service in their current position in order to be eligible to apply for posted jobs throughout the…