Cyber Defense Analyst

Booz Allen Hamilton•Alexandria, VA

3d•$99,000 - $225,000•Remote

About The Position

As a cyber threat intel analyst, you know the key to detecting and deterring malicious activity is quality risk-based intel that maps to a tactical behavior. At Booz Allen, you can apply your expertise to investigate the most pressing cyber threats impacting the Army. This is your chance to guide a team as they take on the adversary’s perspective, identify their motivations, and recommend ways to harden systems, reduce their attack surface, and thwart malicious actors. As a lead cyber defense analyst on our team, you’ll oversee the collection, documentation, assessment, and analysis of raw cyber threat information to enrich intelligence. You’ll conduct strategic assessments on systems and networks and provide tactical analyses and influential recommendations for network operation. You’ll be the key to discovering and correlating timely threat intel and deciphering what represents a real risk, and you’ll play a lead role in cybersecurity threat mitigation. You'll use SIEM tools and threat intelligence feeds to identify potential threats as well as use forensics, network vulnerability, and malware analysis to conduct technical and all-source analysis of cyber threats, vectors, and capabilities. Cyber threats are evolving. Booz Allen is committed to creating an environment where you not only keep pace with the industry but propel it forward. With access to academic programs, certifications, and opportunities to use expert tradecraft, we’ll continuously invest in you so you can create the career you want as you grow. Join us. The world can’t wait.

Requirements

8+ years of experience supporting cyber operations in incident response, threat tracking, detection engineering, offensive operations, or cybersecurity and information assurance
Experience with a query and analysis platform such as SIEM or EDR, or log analytics tools
Experience analyzing endpoint, network, and log data to identify malicious or anomalous behavior
TS/SCI clearance
Bachelor's degree
DoD 8140 compliant security Certification such as Security +, CASP+, CISSP, CySA, or GIAC Certification

Nice To Haves

Experience working with OT networks such as industrial control systems (ICS) or SCADA environments
Experience working in ARNG, DA, or DoW, environments
Experience conducting proactive, hypothesis-driven threat hunts in enterprise or industrial environments
Experience mapping activity to frameworks such as MITRE ATT&CK
Experience with the development of custom detection content, signatures, or behavioral analytics beyond out-of-the-box tooling
Experience with scripting or programming such as Python or PowerShell, to automate analysis or build custom tooling
Knowledge of adversarial tactics, techniques, and procedures (TTPs)
Ability to translate cyber threat intelligence into actionable hunt hypotheses, operational plans, and detection analytics
Ability to design, test, and iterate on data collection strategies in constrained or complex environments, and clearly document findings and brief technical and non-technical audiences
Possession of strong written and verbal communication skills

Responsibilities

Oversee the collection, documentation, assessment, and analysis of raw cyber threat information to enrich intelligence.
Conduct strategic assessments on systems and networks.
Provide tactical analyses and influential recommendations for network operation.
Discover and correlate timely threat intel and decipher what represents a real risk.
Play a lead role in cybersecurity threat mitigation.
Use SIEM tools and threat intelligence feeds to identify potential threats.
Use forensics, network vulnerability, and malware analysis to conduct technical and all-source analysis of cyber threats, vectors, and capabilities.
Translate cyber threat intelligence into actionable hunt hypotheses, operational plans, and detection analytics.
Design, test, and iterate on data collection strategies in constrained or complex environments, and clearly document findings and brief technical and non-technical audiences.