CTI Analyst - Mid / Public Trust

Peraton
Warrenton, VA
Onsite

About The Position

Peraton is seeking to hire an experienced Cyber Threat Analyst for its Federal Strategic Cyber division. In this role, you will research and analyze open source and classified reporting to identify current and emerging threat trends and work with cyber community and Intelligence Community partners to produce and offer threat intelligence products and briefings to internal and external partners and stakeholders. You will document and report current and emerging threats that will exploit vulnerabilities of Department of Homeland Security stakeholders and the Government. You will communicate, coordinate, share information, and work closely with customer components. You will document Indicators of Compromise and behaviors of new or high-impact tactics, techniques, and procedures (TTPs) used to infiltrate networks, systems, and assets. You will develop informational and analytic products daily designed to increase situational awareness and advance warning of current and emerging cybersecurity threats and risks. You will report on underlying patterns of behavior by conducting detailed analysis of incidents, threats and risks and associated impacts and consequences, vulnerabilities, tactics, techniques, and procedures (TTPs), and other malicious and non-malicious indicators. You will develop operational-level trends analysis products that leverage customer internal data repositories, classified and unclassified open-source reporting to provide situational awareness of emerging cyber threat and risk trends to customer partners, stakeholders, and customers. You will provide operational analysis coordination, research, and reporting support to the customer during internal cyber incident management exercises as well as national-level cyber exercises.
You will identify and leverage new threat-based frameworks and methodologies for analyzing adversaries’ activities based on network and system vulnerabilities, adversary tactics, techniques, and procedures (TTPs), (e.g., scanning, unsuccessful attempts, malware, phishing campaigns, privilege escalation, user and root-level intrusions, lateral movement, and data exfiltration). You will enrich information within the Threat Indicator/Information Database to provide additional context to partial information sources and give additional information about specific IP addresses, DNS lookups and perform queries of other DHS systems or information repositories to pull additional information. You will respond to requests for analysis and searches for corroborating, clarifying, or enhancing information or intelligence related to cyber threat activity. You will evaluate reports of cyber threat activity by leveraging either the internally developed Threat Scoring Methodology (TSM) or the National Security Concern Score (NSCS). You will produce weekly, monthly, quarterly, and annual performance metrics reports.

Requirements

  • Bachelor's degree and minimum of 5 years of relevant experience; or Master’s degree and 3+ years; or a PhD and 2 years.
  • An additional 4 years of experience will be considered in lieu of education/degree.
  • Demonstrated work experience in Cyber Threat Analytics.
  • Experience working in Cyber Intelligence requiring, at minimum, a moderate technical acumen.
  • U.S. citizenship required.
  • Active Public Trust is required.
  • Willingness and ability to travel 10-25%.

Nice To Haves

  • Experience with Network Defense.
  • Experience with MITRE ATT&CK Framework.
  • Experience with intrusion detection and prevention, incident response, log analysis and monitoring.
  • Experience conducting Cyber Fusion Analysis.
  • Experience with tools related to Vulnerability Scanning, Penetration Testing, Incident Management.
  • Experience researching classified databases.

Responsibilities

  • Research and analyze open source and classified reporting to identify current and emerging threat trends and work with cyber community and Intelligence Community partners to produce and offer threat intelligence products and briefings to internal and external partners and stakeholders.
  • Document and report current and emerging threats that will exploit vulnerabilities of Department of Homeland Security stakeholders and the Government.
  • Communicate, coordinate, share information, and work closely with customer components.
  • Document Indicators of Compromise and behaviors of new or high-impact tactics, techniques, and procedures (TTPs) used to infiltrate networks, systems, and assets.
  • Develop informational and analytic products daily designed to increase situational awareness and advance warning of current and emerging cybersecurity threats and risks.
  • Report on underlying patterns of behavior by conducting detailed analysis of incidents, threats and risks and associated impacts and consequences, vulnerabilities, tactics, techniques, and procedures (TTPs), and other malicious and non-malicious indicators.
  • Develop operational-level trends analysis products that leverage customer internal data repositories, classified and unclassified open-source reporting to provide situational awareness of emerging cyber threat and risk trends to customer partners, stakeholders, and customers.
  • Provide operational analysis coordination, research, and reporting support to the customer during internal cyber incident management exercises as well as national-level cyber exercises.
  • Identify and leverage new threat-based frameworks and methodologies for analyzing adversaries’ activities based on network and system vulnerabilities, adversary tactics, techniques, and procedures (TTPs), (e.g., scanning, unsuccessful attempts, malware, phishing campaigns, privilege escalation, user and root-level intrusions, lateral movement, and data exfiltration).
  • Enrich information within the Threat Indicator/Information Database to provide additional context to partial information sources and give additional information about specific IP addresses, DNS lookups and perform queries of other DHS systems or information repositories to pull additional information.
  • Respond to requests for analysis and searches for corroborating, clarifying, or enhancing information or intelligence related to cyber threat activity.
  • Evaluate reports of cyber threat activity by leveraging either the internally developed Threat Scoring Methodology (TSM) or the National Security Concern Score (NSCS).
  • Produce weekly, monthly, quarterly, and annual performance metrics reports.

Benefits

  • Employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.