Cyber Threat Analyst (I&W) with Splunk and Analyst1 / Active Top Secret

About The Position

Requirements

• A Bachelor’s degree and 9 years of relevant experience. An additional 4 years of experience may be substituted in lieu of the bachelor's degree requirement.
• Must either possess and maintain, or obtain prior to start date, one of the following professional certifications: CASP+ CE, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), Cloud+, CND, CySA+, GCED, GCIH, GICSP, SSCP.
• Must have experience with Splunk SIEM and Analyst1 threat intelligence platform.
• Must have demonstrated experience in cyber threat intelligence with specific knowledge of APT actors and their operations
• Experience leveraging the MITRE ATT&CK matrix or other threat models (e.g. Lockheed Martin Kill Chain, Diamond Model).
• Knowledge or experience tracking advanced persistent threats (APTs). Knowledge or experience pivoting from IOCs to identify related infrastructure.
• Familiarity with threat detection tools
• Strong analytical and critical thinking skills
• Knowledge of cloud security and threats targeting cloud environments
• An understanding of network protocols and systems
• Experience developing predictive models to anticipate future cyber threats and recommending preemptive measures
• Experience working in a fast-paced classified environment with government, military or Intelligence Community environments.
• Experience providing intelligence support prior to, or during cyber incidents; this may include attribution analysis, adversary profiling based on known tactics, techniques and procedures or the ability to correlate disparate events using industry, academic or government methodologies or best practices.
• Experience assisting in post-incident reviews to identify lessons learned and improve threat detection capabilities
• Demonstrably excellent written communication skills with the ability to convey highly technical topics in an analytic fashion; familiarity or experience with ICD-203 Intelligence Community tradecraft standards and finished intelligence product lines is desirable.
• Ability to work independently as well as with a team of other analysts.
• Active U.S. Passport and the ability to travel up to two weeks at a time, both foreign and domestically.
• U.S citizenship required.
• An active Top Secret security clearance with SCI eligibility.

Nice To Haves

• Familiarity or experience with ICD-203 Intelligence Community tradecraft standards and finished intelligence product lines is desirable.

Responsibilities

• Be a key part of the Indications and Warnings team.
• Leverage open-source, proprietary/vendor, and classified reporting to closely track advanced persistent threat actor activity.
• Perform pattern, trend, and behavior analysis, as well as other specialized analysis techniques to identify malicious cyber threat activity targeting DOS information, systems and personnel.
• Maintain records to catalog and track malicious cyber threat activity targeting DOS information, systems and personnel.
• Identify Indicators of Compromise (IOCs) present on an Enterprise network through the use of a SIEM and other security tools and logs.
• Liaise with members of the Intelligence Community (IC).
• Acts as the fusion analysis cell within Cyber Threat Analysis Division (CTAD).
• Monitor geopolitical developments, emerging technologies and threats to assess their impact on the cyber threat landscape.
• Author and present on short notice cyber threat-focused analyses to technical and non-technical audiences including but not limited to policymakers and security practitioners.
• Correlate threat intelligence with internal security events to identify patterns and potential vulnerabilities.

Benefits

• Overtime
• Shift differential
• Discretionary bonus