Forensic Insider Threat Analyst

Are you interested in helping protect critical research, national security initiatives, and cutting-edge innovation from insider threats?

If so, join us at APL!

We are seeking a Forensic Insider Threat Analyst to help identify, investigate, and mitigate insider risk in a complex and highly collaborative research environment. In this role, you'll leverage user activity monitoring, endpoint and identity telemetry, and forensic analysis to detect suspicious behavior and support sensitive investigations.

You'll work across a large set of stakeholders-including IT, Information Security, Research Administration, Legal, HR, and leadership-to address potential risks with discretion and precision. Our team is focused on balancing strong security practices with privacy, mission needs, and the unique demands of sponsored research. If you're curious, analytical, and motivated to solve complex security challenges, you'll fit right in.

As a Forensic Insider Threat Analyst, you will...

• Monitor user activity and security telemetry to identify anomalous or high-risk behavior.
• Detect and investigate insider threat incidents, including data exfiltration, unauthorized access, credential misuse, intellectual property theft, and policy violations.
• Correlate data across sources such as SIEM, EDR, DLP, IAM, email, and endpoint logs to build comprehensive investigative timelines.
• Conduct digital forensic analysis while preserving evidence integrity and maintaining proper chain of custody.
• Document findings in clear, defensible reports to support investigations and decision-making.
• Leverage behavioral indicators and detection logic to enhance early identification of insider threats.
• Support containment and remediation efforts in coordination with IT security and incident response teams.
• Analyze access patterns involving sensitive research data, proprietary information, and regulated datasets.
• Provide case support for matters involving export-controlled research, sponsored programs, and sensitive personnel concerns.
• Recommend improvements to security controls, policies, and awareness efforts to reduce insider risk.
• Contribute to the growth and maturity of the Insider Threat Program, including workflows, case management, and metrics.

Minimum Qualifications

• Bachelor's degree in cybersecurity, digital forensics, computer science, information systems, criminal justice, or a related field, or equivalent experience.
• 2 or more years of experience in cybersecurity, digital forensics, insider threat analysis, or security investigations.
• Hands-on experience with user activity monitoring platforms and security analytics tools.
• Experience analyzing logs and data from SIEM, EDR, DLP, IAM, and endpoint systems.
• Strong understanding of forensic methods, evidence handling, and investigative documentation.
• Ability to analyze complex datasets, identify patterns, and communicate findings clearly.
• Experience working with confidential information and maintaining discretion.
• This position may require occasional after-hours support for active incidents or urgent investigations.
• Strong written and verbal communication skills.
• Are able to obtain Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

Desired Qualifications

• Experience in higher education, research institutions, healthcare, life sciences, engineering, or similarly complex environments.
• Familiarity with protecting classified information, intellectual property, research data, and controlled or sensitive information.
• Knowledge of privacy, employment, monitoring, and data governance requirements in a private-sector academic environment.
• Certifications such as GCITP, GCFA, GCFE, CHFI, CISSP, CISM, or related credentials.
• Experience supporting investigations involving email abuse, cloud platforms, and collaboration tools.
• The research center seeks a detail-oriented security professional who can protect critical research assets while supporting a collaborative and national security mission-driven environment.

Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at

All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please View email address on click.appcast.io.

The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.