Army MOS Career Guide

35L — Counterintelligence Agent:
Civilian Career Guide

A 35L brings counterintelligence investigations, incident response, insider-threat detection, collection and reporting, analysis production, source and operational management, CI awareness training, support plans, special investigative techniques, technical oversight, threat reporting, and TS/SCI work. Civilian translation must separate classified mission value from lawful, policy-based security and investigation functions.

TS/SCI required

Info security median: $124,910

CFE exam: $480

Army Chapter 10C note

Army Chapter 10C identifies 35L as Counterintelligence Agent, effective 202410. The entry covers investigations, operations, collection and reporting, analysis production, and technical services to detect, identify, counter, exploit, or neutralize foreign intelligence entity and international terrorist threats to the Army and DoD. It includes CI-related insider threat detection, countering foreign adversary collection efforts, legal and policy compliance, Covering Agent Program support, Threat Awareness and Reporting Program training, CI incident response, investigative reports, management of military CI collections and Intelligence Information Reports, planning and supervising covering agent duties, evidence collection, worldwide CI activities across investigations, operations, collections, analysis, and production, CI awareness training, CI support plans, report writing and dissemination, CI Agent recruitment processing, technical control and oversight, source and operational management, special investigative techniques, CICA and 2X staff management, TS/SCI requirements, formal CISAC training, and a one-year probationary program.

Civilian translation starts here

Build a 35L civilian career plan

Turn your MOS duties, mission evidence, credentials, and leadership scope into a targeted civilian roadmap.

Build My 35L Blueprint →

Section 01

Top Civilian Role Matches for 35L

Counterintelligence / Insider Threat Analyst Top cleared bridge

$75k – $175k

The strongest bridge for 35L veterans is cleared counterintelligence, insider-threat, and threat-analysis work. The MOS includes CI investigations, incident response, foreign intelligence threat awareness, insider-threat detection, collection and reporting, analysis production, CI awareness training, and legal or policy compliance. Civilian employers need sanitized examples of indicators reviewed, reports produced, stakeholders briefed, training delivered, risk decisions supported, and program improvements. Clearance, contract fit, writing samples, and judgment under legal constraints matter heavily.

CIInsider threatReportsTraining

Demand improves when experience is translated into civilian requirements, credentials, documentation, and measurable scope

Source: BLS Information Security Analysts · Median $124,910 (May 2024)

Security Investigator / Personnel Security Specialist

$60k – $140k

35L experience can map into personnel security, background investigations, suitability, clearance support, and security investigations when translated carefully. Employers want interviewing, record review, evidence handling, report writing, privacy limits, adjudicative support, and case timeliness. Do not present classified authority as civilian authority. Show how you gathered facts, assessed indicators, wrote defensible reports, coordinated with stakeholders, protected sensitive data, and followed law, executive orders, DoD policy, or employer procedures. Include case volume and cycle time when those details can be shared.

Personnel securityCasesInterviewsPrivacy

Demand improves when experience is translated into civilian requirements, credentials, documentation, and measurable scope

Source: BLS OEWS Private Detectives and Investigators · Median $49,540 (May 2023 profile)

Corporate Investigations / Threat Management Analyst

$65k – $155k

Corporate investigations and threat-management teams look for people who can handle sensitive allegations, workplace threats, policy violations, insider risk, executive concerns, and cross-functional coordination. 35L background helps when the resume emphasizes lawful process, evidence, interviews, documentation, deconfliction, stakeholder briefings, and risk mitigation. Civilian work may involve HR, legal, cyber, physical security, privacy, and ethics teams, so translate military CI into business risk language instead of operational labels. Include case volume, response time, and policy outcomes when appropriate.

InvestigationsThreat managementLegal partnersRisk

Demand improves when experience is translated into civilian requirements, credentials, documentation, and measurable scope

Source: BLS Management Analysts · Median $101,190 (May 2024)

Intelligence / Threat Analyst

$70k – $165k

CI collection and reporting, analysis production, IIR management, threat awareness, special investigations support, and reporting discipline can support intelligence or threat analyst roles in government, contracting, critical infrastructure, finance, and security organizations. The best applications show structured analytic judgment, source evaluation, reporting cadence, stakeholder needs, briefings, and decision support. For cleared roles, maintain classification discipline. For private-sector roles, connect threat work to business risk, protective actions, and executive decisions.

Threat analysisBriefingsReportingDecision support

Demand improves when experience is translated into civilian requirements, credentials, documentation, and measurable scope

Source: BLS Management Analysts · Median $101,190 (May 2024)

Security Program Manager / CI Training Lead

$90k – $190k

Senior 35Ls supervise CI activities, awareness training, support plans, technical control, operational management, reports, recruitment processing, and staff functions. That can translate into security program manager, insider-threat program lead, or CI training lead roles. Employers want program scope: people trained, reports reviewed, investigations coordinated, policies implemented, risks reduced, leaders advised, and audits or inspections supported. This path fits veterans who can combine investigative credibility with governance, training, and stakeholder management.

ProgramsTrainingGovernanceLeadership

Demand improves when experience is translated into civilian requirements, credentials, documentation, and measurable scope

Source: BLS Management Occupations · Group median $122,090 (May 2024)

Section 02

Transferable Strengths: What Civilian Employers Actually See

Source-Grounded Analysis

Intelligence work rewards disciplined sourcing, collection limits, confidence levels, and defensible judgments. Civilian employers need the same habits in threat analysis, risk analysis, security programs, investigations, compliance, and geospatial decision support.

Sensitive Information Handling

Clearance, compartmented work, reporting channels, and need-to-know habits are useful only when translated carefully. Show governance, discretion, controlled dissemination, and policy compliance without exposing protected methods, targets, or classified mission details.

Briefing Decision Makers

Senior leaders need concise judgments, options, and risk. Convert military briefings into executive communication: what changed, why it mattered, what evidence supported it, what decision was needed, and what action followed.

Cross-Functional Coordination

Intelligence rarely works alone. Employers value coordination with operations, security, legal, technical teams, law enforcement, and leadership when you can explain the stakeholder map and the outcome without relying on unit names.

Documentation Under Scrutiny

Reports, collection notes, imagery products, investigative records, and plans must survive review. Civilian resumes should highlight accuracy, timeliness, version control, quality checks, audit readiness, and how documentation supported a decision.

Section 03

Common Mistakes 35Ls Make in the Civilian Job Search

01

Assuming Civilian Authority Transfers

Military experience can support the application, but civilian authority comes from the agency, state licensing board, employer, academy, court system, or credential program. Say what you have done, then identify the civilian gate honestly.

02

Writing a Duty List Instead of a Value Case

A list of Army tasks does not tell employers what problem you solve. Rewrite duties into risk reduced, evidence protected, reports completed, people supervised, facilities secured, products delivered, incidents handled, or decisions supported.

03

Skipping the Sensitive-Information Filter

Do not disclose protected details, classified methods, victims, suspects, targets, vulnerabilities, or facility weaknesses. Strong resumes use sanitized scope, tools, process, outcomes, and stakeholders so the reader sees capability without unnecessary exposure.

Section 04

Certifications and Bridges That Matter for 35L

ACFE Certified Fraud Examiner

Cost CFE exam application fee: $480Time Experience and membership eligibility applyFormat ACFE credential exam

ACFE lists the CFE exam application fee at $480.

Investigation bridge · Useful for fraud, insider risk, and corporate investigations

ASIS Certified Protection Professional

Cost ASIS exam fee: $580 member / $910 nonmemberTime Senior experience requirements applyFormat ASIS board certification

ASIS lists board certification exam fees at $580 for members and $910 for nonmembers.

Security management · Strong for senior CI and security program paths

ISC2 CISSP

Cost CISSP exam: $749 in the AmericasTime Experience requirements applyFormat ISC2 exam through Pearson VUE

ISC2 lists CISSP at $749 in the Americas.

Cyber-insider bridge · Useful when 35L work touches insider threat or security governance

Section 05

Resume Translation: From 35L to Civilian Language

Translate the MOS into civilian functions, risk controls, documentation, stakeholders, and measurable outcomes.

Before: Vague military language

Served as a counterintelligence agent. Conducted investigations, wrote reports, trained personnel, and supported operations.

After: Civilian language that gets callbacks

Conducted counterintelligence and insider-threat support through incident response, investigative reporting, collection and reporting management, evidence coordination, CI awareness training, support-plan development, threat briefings, source and operational management support, report review, stakeholder coordination, and lawful handling of sensitive information. Supported leaders with timely risk analysis, protected sensitive sources and methods, maintained TS/SCI eligibility, and translated foreign-intelligence and insider-threat indicators into documented actions under Army and DoD policy.

35L resume formula

Start with the civilian function, not the unit or mission name.
Name the records, tools, procedures, populations, systems, or evidence handled.
Separate direct execution from supervision, planning, training, and quality control.
Show the environment: installation, detention facility, field site, operations center, legal setting, or intelligence cell.
State credential or clearance status carefully: active, eligible, required, pursuing, agency-specific, or employer-specific.
Always quantify: people, cases, reports, incidents, records, products, teams, facilities, training events, or outcomes improved.

Last updated June 2026 using Army Chapter 10C MOS 35L pages 172-173, BLS Information Security Analysts wage data, BLS Management Analysts wage data, ACFE CFE exam fees, ASIS certification fees, and ISC2 exam pricing.

Section 06

35L Civilian Career FAQs

What civilian jobs fit 35L experience best?

Strong matches include counterintelligence analyst, insider-threat analyst, security investigator, personnel security specialist, threat-management analyst, corporate investigator, intelligence analyst, and security program manager roles.

Can a 35L discuss classified investigations on a resume?

No. Use sanitized scope, functions, customers, report types, risk areas, training, timelines, and outcomes. Do not disclose classified sources, methods, targets, vulnerabilities, identities, operational details, or sensitive case facts.

What should a 35L quantify?

Quantify reports written, cases supported, training audiences, briefings delivered, plans produced, stakeholders coordinated with, incidents triaged, products reviewed, policy updates supported, and program improvements delivered.

Which credential helps a 35L most?

It depends on the lane. CFE helps investigations and fraud, ASIS CPP helps senior security management, and CISSP helps insider-threat or security-governance roles connected to cyber risk.

Next step

Translate 35L experience into a focused target list

Use CommandPath to map your strongest roles, credential gaps, resume bullets, and interview proof before you start applying.

Build My 35L Blueprint →