Nghia Hoang Pho, 67, of Ellicot City, Maryland, entered a guilty plea on 1 December to the charge of taking national defence information home from 2010 to 2015 and retaining it at his residence.
Pho, a member of the NSA's Tailored Access Operations group, admitted he had kept the information at his residence both in digital form and hard copy formats. He worked as a contractor for the NSA from 2006 onwards.
He faces a maximum term of 10 years in jail and will be sentenced on 6 April 2018.
After the leaks by NSA contractor Edward Snowden in 2013, three people are known to have been involved in removing NSA material from the agency.
One, Harold Martin, was arrested last year after having taken a massive trove of NSA data home.
Pho is now known to be the second; at the time he was identified in the media as an unnamed software developer, who was said to be a Vietnamese American. He was taken into custody in 2015 after taking hacking tools home. The New York Times claimed this year that date from an NSA worker's PC had leaked to hackers in Russia; this worker is now said to be Pho.
The third person, a woman named Reality Winner, was arrested after leaking a single NSA document to The Intercept this year.
The leak of NSA files to the group known as the Shadow Brokers, which came to light when the latter made the files openly available in August last year, has been alleged to have been from Pho's computer.
A report from Kaspersky Lab in October said Pho had the company's anti-virus software running on his PC, but appeared to have turned it off in order to run a key generator so he could install a pirated copy of Microsoft Office; had the A-V not been turned off, it would not have allowed the key generator to be run.
Later, when he turned the anti-virus back on, it had run a scan on his computer, and since Kaspersky Security Network was running, it had submitted samples of suspected NSA malware code present on his machine to Kaspersky's servers for analysis. Like any A-V solution, the software uploads suspicious files to a server for later analysis and when it encountered the NSA files on Pho's machine, it did the same.
How the Russians obtained these exploits has never been made clear with allegations in the media that after they reached Kaspersky's Moscow offices, they were handed over to government hackers. Kaspersky has denied handing over any files.
Pho's plea also puts paid to theories being floated that the person who leaked NSA files to the Shadow Brokers was a man of Russian origin. As iTWire has pointed out, this theory was floated by former Washington Post employee Brian Krebs.