The body of the unnamed employee, thought to be in his 40s, was found on Saturday in his own car, which was parked on a mountain near Hwasan-ri, near the city of Yongin, south of Seoul.
Preliminary investigations have concluded he died of carbon monoxide poisoning from the burning of charcoal.
In a press briefing Sunday, Yongin Dongbu police Chief Park Ki-young revealed the man left a note identifying himself as an NIS employee and confessing to deleting data relating to counterterrorism and North Korean surveillance.
The handwritten note also included reference to persistent speculation that the government spied on its own citizens in the lead up to the 2012 election. According to police, the author said: "There was really no investigation on local people and (the) election."
While the NIS confirmed the man was an employee, an NIS official declined to confirm his job title, or reveal his role within the agency.
Furor over spy software
The employee's death comes just one week after the NIS admitted to lawmakers in a private briefing that it bought remote control system software (RCS) from an Italian firm in January and July, before the December 2012 election.
According to lawmaker Lee Chul-woo from the ruling Saenuri Party, who attended the briefing, the NIS said it purchased the program "for research purposes."
RCS programs are able to hack into desktop and mobile devices for the purposes of monitoring.
The NIS told lawmakers it bought the software shortly after North Korea was accused of hacking into 25,000 computers, as a form of counterintelligence to address the foreign cyber threat.
"The NIS' position on the usage of the software is that it is being used strictly according to law and was never used against our people and do not feel the need to use it against our people," Lee said.
Shin Kyung-min, from the opposition New Politics Alliance for Democracy, said his party had requested access to NIS computers to try to get to the truth.
"We cannot determine (whether or not what NIS did is true) just based on these comments. We requested to NIS that we visit the scene and the NIS said yes. We will visit the scene at the earliest possible date."
In recent years, South Korea has become more vigilant about the threat of cyberattacks, particularly from ones it says originate from North Korea.
In 2013, an attack known as "Dark Seoul,"
paralyzed an estimated 48,000 computers at a number of major banks and broadcasters, disrupting network systems and wiping their hard disks clean.
And late last year, North Korea was accused of hacking into South Korea's nuclear operator.
Pyongyang has dismissed the claims it launched the attacks, calling them a "plot and fabrication that can never win over the truth."