Insider Threat & Counterintelligence Investigator

The Security & Intelligence Directorate (S&ID) protects AFS personnel, information, systems, and mission environments through integrated security and intelligence functions. S&ID delivers a full spectrum of capabilities—intelligence analysis, risk assessment, investigative activities, and operational security support—across AFS business portfolios and locations.

About the Counterintelligence & Insider Threat (CIT) Team

The CIT Team conducts analytic, investigative, and operational activities to prevent, detect, assess, and mitigate threats posed by malicious insiders, foreign intelligence entities, and external actors targeting AFS or its federal clients. CIT personnel support insider threat investigations, threat assessments, OSINT exploitation, and intelligence production for internal stakeholders and senior leadership.

Under the direction of the Chief, Risk Management Branch, the Insider Threat & Counterintelligence Investigator/Analyst will:

Investigations & Casework

• Conduct insider threat and counterintelligence focused investigations involving anomalous behavior, security concerns, foreign intelligence indicators, personnel risk factors, and potential insider activity.
• Perform structured investigative research using internal AFS systems, government furnished data, and external sources.
• Conduct interviews, document reviews, and investigative inquiries as assigned.
• Maintain complete, accurate investigative case files in accordance with established protocols and analytic tradecraft standards.

Open-Source Intelligence (OSINT) & Research

• Conduct advanced OSINT research leveraging publicly available information (PAI), social media, digital footprints, commercial data sources, and specialized research tools.
• Fuse OSINT findings with internal datasets, risk indicators, and technical reporting to identify potential threats or elevate investigative focus.
• Maintain awareness of evolving OSINT tools, techniques, and analytic methodologies to strengthen CIT capabilities.

Analytic Production & Reporting

• Produce timely, well structured written products—including investigative reports, analytical assessments, incident summaries, and threat analyses—tailored to technical and non technical audiences.
• Develop both tactical (incident based) and strategic (trend focused) products adhering to analytic tradecraft.
• Present findings to security partners, leadership, and risk stakeholders in clear, concise briefings.

Risk Monitoring & Threat Detection

• Identify patterns or trends related to insider threat activity or foreign intelligence risk.
• Provide recommendations for mitigation actions, protective measures, or follow on investigative activity.

Collaboration & Operational Support

• Coordinate closely with Legal, HR, Cyber Incident Response Team, S&ID and federal program teams to validate findings and support risk mitigation decisions.
• Support crisis response, incident management, and real time threat monitoring during emerging events affecting AFS.
• Leverage partnerships across government, industry, and professional networks to maintain awareness of threats, vulnerabilities, and best practices.

Program Development

• Assist in developing and refining tools, methodologies, and SOPs for investigations, risk analysis, OSINT research, and analytic production.
• Contribute to continuous improvement of AFS’s Insider Threat and CI programs through innovation, lessons learned, and integration of new data sources.

What you need

• TS+ clearance with SCI or SCI eligibility.
• Bachelor’s degree in intelligence studies, national security, criminal justice, cybersecurity, international affairs, or related fields, OR equivalent professional experience.
• 3–5 years of experience in insider threat investigations, counterintelligence, security risk analysis, intelligence analysis, or related fields.
• Demonstrated experience conducting OSINT research, digital footprint analysis, or social media investigations.
• Strong investigative skills with the ability to assess behavior, identify anomalies, and synthesize information from diverse datasets.
• Excellent written communication skills, with demonstrated ability to produce clear, accurate, and persuasive investigative and analytical products.
• Familiarity with insider threat indicators, CI methodologies, risk frameworks, and behavioral analysis concepts.
• Experience using analytic tools, OSINT platforms, case management systems, and structured research methodologies.

Bonus if you have

• Experience handling sensitive personnel, behavioral, or security information in investigative contexts.
• Knowledge of federal insider threat standards (e.g., NISPOM, EO 13587, NITTF guidance).
• Familiarity with federal cybersecurity, personnel security, or counterintelligence processes.
• TS/SCI with polygraph strongly preferred.
• Professional training or certifications in insider threat, counterintelligence, intelligence analysis, or related disciplines.
• TS/SCI with poly.
• Certifications in insider threat, CI, or intelligence analysis.