Advanced Threat Detection Analyst

About The Position

Requirements

• Clearance: Minimum active DoD Secret clearance with the ability to obtain and maintain a TS/SCI.
• Certification: Current DoD 8570 IAT Level II (or higher), such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC.
• Education & Experience: Requires a BS degree and 8–12 years of prior relevant experience, OR a Master's with 6 - 8 years of prior relevant experience. A Doctorate may also be considered.
• Leadership Experience: 4+ years of formal or informal leadership experience.
• Cybersecurity Experience: 8+ years of cybersecurity experience with an in-depth understanding of advanced computer defense technologies.
• Expertise in the following areas: Proven ability to develop innovative solutions by researching and integrating best practices.
• Demonstrated experience using frameworks like the Cyber Kill Chain and MITRE ATT&CK to influence strategic goals.
• Ability to lead and manage the work of a technical, multi-site team.
• Excellent verbal and written communication skills, with experience influencing executive leadership.

Nice To Haves

• Experience working for a Cybersecurity Service Provider (CSSP) or Security Operations Center (SOC).
• Knowledge of Threat Hunting practices, techniques, and Advanced Persistent Threats (APTs).
• Advanced knowledge of a prominent Security Information and Event Management (SIEM) tool (e.g., Splunk, Elasticsearch).

Responsibilities

• Strategic Threat Intelligence Leadership: Serve as a subject matter expert on advanced threat intelligence principles (e.g., Cyber Kill Chain, MITRE ATT&CK), influencing the development of solutions that impact strategic program goals.
• Develop and recommend new technical standards and products to support the organization's cyber defense strategy.
• Innovative Solution Development: Resolve highly complex problems by conceptualizing, researching, and integrating best practices.
• Lead the development of highly innovative solutions, such as custom signatures and advanced correlation logic, by interpreting threat actor tactics, techniques, and procedures (TTPs).
• Executive Communication & Influence: Communicate matters of significant importance to executive leadership, both internally and with the client.
• Deliver authoritative threat briefs to senior leaders and work to convince stakeholders to accept and adopt new concepts, practices, and security approaches.
• Team Leadership & Management: Lead and manage the work of other technical staff, including mentoring and training fusion analysts on advanced TTPs.
• Ensure the team's work on incident handling, event triage, and network analysis has a significant and positive impact on project results and outputs.
• Advanced Operational Collaboration: Drive daily coordination with the DISA Global Countermeasures Team and external agencies.
• Ensure the seamless integration of threat intelligence into countermeasures to proactively detect, prevent, and mitigate intrusions and malware infections across the enterprise.
• Process & Documentation Oversight: Direct the creation and maintenance of all process documentation for the fusion team, ensuring that operational standards align with strategic objectives and reflect industry best practices.