Insider Threat Operations Center; ITOC Analyst Security Clearance

Position: Insider Threat Operations Center (ITOC) Analyst with Security Clearance
Sentar is proud to be an employee-owned company, fostering a culture of empowerment, collaboration, and innovation. Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the team where you can build, innovate, and secure your career. Sentar is seeking an Insider Threat Operations Center (ITOC) Analyst!

Role

Description:

The Insider Threat Operations Center (ITOC) Analyst / Technical Lead supports enterprise Insider Threat programs by conducting technical analysis of user activity data and alerts to identify indicators of malicious, negligent, or risky insider behavior. This role supports civil, workplace, counterintelligence, and law enforcement inquiries and investigations while ensuring protection of legal rights, civil liberties, and privacy. At the Analyst level, the role focuses on alert triage, behavioral analysis, reporting, and investigative support.

At the Technical Lead level, the role provides operational leadership, quality control, prioritization, stakeholder coordination, and strategic oversight of Insider Threat operations. This position works closely with Defensive Cyber Operations (DCO) teams, Operations Watch Officers, subscriber Insider Threat Program Managers, and U.S. Government partners to ensure effective, compliant, and mission-aligned Insider Threat detection and response.. Duties and Responsibilities Common Responsibilities (All Levels)
* Conduct technical analysis of user activity data and alerts to identify potential insider threat indicators
* Triage alerts by correlating insider threat data with additional data sources to assess risk and intent
* Develop hypotheses and perform behavioral analysis using available tools and datasets
* Support directed requests in support of civil, workplace, counterintelligence, or law enforcement investigations
* Incorporate complex data flows and contextual information into analysis and investigative assessments
* Produce concise, accurate, and timely analytical reports for Insider Threat stakeholders and leadership
* Present analytical findings to team members and management in a clear, actionable manner
* Refine alerts based on triage results, current threat activity, and operational feedback
* Contribute to development and improvement of Insider Threat processes, procedures, and documentation
* Collaborate with Operations Watch Officers and analysts to support investigations, campaigns, and events Required Skills
* Strong understanding of insider threat analysis and user activity monitoring
* Experience analyzing host-based data and behavioral indicators
* Ability to synthesize complex data into clear analytical conclusions
* Strong written and verbal communication skills
* Ability to operate with discretion and sound judgment in sensitive investigative environments
* Ability to work independently and collaboratively in a team environment Desired Skills
* Bachelors degree from an accredited institution
* One (1) or more years of scripting or programming experience within the last three (3) years, including languages such as Power Shell, Python, Ruby, Shell/Bash, Java, C/C++, C#, Perl, or PL/SQL
* Knowledge of data science techniques such as anomaly detection and machine learning
* Expert-level understanding of insider threat indicators, user activity data, and behavioral analysis
* Familiarity with foreign intelligence entity tactics, techniques, and procedures
* Experience working in multi-tenant or service provider environments
* Experience supporting Department of Defense or Intelligence Community Insider Threat programs

Qualifications:

Clearance Level:
* Minimum of a Secret Clearance, with ability to obtain Top Secret/Sensitive Compartmented Information (TS/SCI)

Experience:

* Analyst:
Minimum of three (3) years of experience supporting Department of Defense or Intelligence Community Insider Threat programs
* Subject matter expertise with Executive Order 13587, Director of National Intelligence National Counterintelligence and Security Center Insider Threat Task Force standards, and Department of Defense Insider Threat regulations and guidance (Technical Lead level)

Certifications:

* Department of Defense (DoD) 8570 Information Assurance Technical Level II

Minimum qualifications:

* U.S. Citizenship required.
* Demonstrated experience leading or overseeing insider threat operations.
* Knowledge of user activity monitoring, host-based data analysis, and alert triage.
* Strong analytical, leadership, and communication skills. Travel:
* Up to 10% travel may be required

Preferred Qualifications:

* Minimum of one year of scripting or programming experience in Power Shell, Ruby, Python, Shell/BASH, Java, C/C++, C#, Perl, PL/SQL, or other related languages within the last three years.
* Knowledge of data science techniques such as anomaly detection and machine learning.
* Expert-level…