(658) Insider Risk / All Source Analyst

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Description:

Arlo seeks an experienced All-Source Intelligence Analyst to provide analytic, research security, and insider risk support to NOAA’s Internal Risk Office (IRO) and its Internal Risk Mitigation Program (IRMP). The analyst will integrate classified and unclassified reporting, structured analytic methods, and insider threat tradecraft to identify, assess, and communicate risks associated with insider activity, foreign influence/FOCI, research exploitation, and protection of sensitive data, systems, and facilities. The role strengthens NOAA’s ability to meet National Insider Threat Task Force (NITTF) Minimum Standards and Executive Order 13587, align with NSPM 33 and related research security requirements, and operationalize risk informed governance, policies, and controls.

Location:  Silver Spring, MD (Hybrid 3 days onsite & 2 days remote)

Clearance:  TS/SCI

Responsibilities and/or Success Factors: 

All-Source Intelligence Analysis

• Conduct due diligence and all-source risk assessments on individuals, institutions, entities, partnerships, and research collaborations tied to NOAA grants, contracts, cooperative agreements, and facility/system access. 
• Fuse classified holdings, IC reporting, LE information, open-source research, and government data streams to support risk determinations, adjudications, and access decisions. 
• Apply structured analytic techniques and IC tradecraft (e.g., ICD 203) to assess emerging/evolving threats to NOAA’s research enterprise, including tactics, techniques, and procedures (TTPs) used by countries of concern and proxies to acquire sensitive research, data, or technology. 

Insider Risk and Research Security Support

• Identify, refine, and operationalize Potential Risk Indicators (PRIs) relevant to insider threat, foreign influence, technology transfer, and research exploitation; contribute to the PRI based risk model, scoring logic, and calibration through use case identification and analysis. 
• Support development and maturation of the use case repository; translate analytic insights into detection logic, thresholds, and escalation criteria. 
• Partner with cybersecurity, SOC, HR, personnel security, physical security, research security, privacy/civil liberties, and legal to ensure analytic outputs are actionable, ethically grounded, and privacy compliant. 

Operational Integration and Reporting

• Produce executive level and technical analytic products (classified/unclassified), decision memos, risk summaries, and briefing materials for IRMP leadership, governance boards, and interagency partners. 
• Provide analytic memoranda and escalation recommendations for incident response, case triage, and formal referrals, support drafting of Incident Response and Mitigation Reports within required timelines. 
• Contribute to monthly, quarterly, annual, and ad hoc reporting (e.g., activity summaries, performance measures, compliance updates) and assist in tracking progress against the IRMP Implementation Action Plan and roadmap.

Policy, Training, and Governance Enablement 

• Inform policy/SOP development with intelligence driven risk findings and feasible monitoring/mitigation recommendations, including technical controls to detect and prevent data exfiltration across cloud, removable media, email, and transmission vectors. 
• Support training and awareness content (briefings, workshops) to strengthen workforce understanding of insider risk indicators, research security obligations, and reporting responsibilities. 
• Participate in cross functional working groups; coordinate with NITTF, SEI/CERT, Department level stakeholders, and interagency research security partners, as directed.

Data Stewardship, Ethics, and Compliance 

• Ensure all activities adhere to privacy, civil liberties, and legal constraints (e.g., Privacy Act, CUI handling, appropriate use of personnel/security data). 
• Maintain rigorous sourcing, auditability, and dissemination practices; protect PII/PHI/CUI and classified information in accordance with applicable policy.

Minimum Qualifications Including Certificates:

• U.S. Citizen.
• Active Top Secret security clearance with SCI eligibility. 
• Bachelor’s degree in international affairs, intelligence studies, security/cyber, data analytics, or related field; equivalent experience considered. 
• 6+ years of relevant all-source intelligence or insider threat/research security analysis supporting federal missions, with demonstrated application of structured analytic techniques and IC tradecraft (e.g., ICD 203). 
• Hands on experience conducting due diligence and risk assessments using classified reporting, LE data, and open sources; demonstrated ability to identify and assess foreign affiliation, FOCI/undue foreign influence, conflict of interest/commitment, and research integrity concerns. 
• Experience supporting insider risk programs aligned to NITTF Minimum Standards and EO 13587, and familiarity with NSPM 33 and related research security directives.
• Proven ability to translate complex intelligence into executive ready products, decision memos, and briefings for senior leaders and governance bodies. 
• Strong stakeholder collaboration skills across cybersecurity/SOC, HR, legal/privacy, physical/personnel security, and research program offices. 
• Excellent written and oral communication skills; meticulous documentation and sourcing discipline.
• Ability to adapt to shifting priorities and requirements.

Desired Qualifications:

• Experience supporting research security in science/technology environments (e.g., federal labs, academic research, grants/cooperative agreements).
• Familiarity with development and operationalization of PRIs, risk scoring, and detection logic for insider risk and foreign influence use cases. 
• Knowledge of CUI handling, NIST frameworks (e.g., 800 53/800 171), and enterprise data governance/privacy controls. 
• Prior work with interagency partners (e.g., NITTF, CI/LE, SEI/CERT) and Department/Operating Unit governance processes.
• Experience with process improvement, capability development, and program building. 
• Certifications: SEI Insider Threat Program Manager/Analyst or Practitioner, SANS DFIR/OSINT, CEH/CySA+, or comparable analytical/insider risk credentials.

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.