Cyber Threat Analyst

Amatriot Group, Chantilly, VA
Onsite

About The Position

Amatriot is seeking a Cyber Threat Analyst to support a Cyber Technical Analysis Unit in analyzing cyber intrusion activity, digital communications, and host/network forensic artifacts in support of DoJ mission operations. This role is focused on cyber threat analysis, intrusion investigation, host-based forensic analysis, network traffic analysis, and attribution support within a highly sensitive operational environment. The ideal candidate will possess experience analyzing Splunk data, conducting host and network forensic analysis, and utilizing industry-standard forensic and cyber analysis tools to identify malicious activity, recover artifacts, and support investigative operations.

Requirements

  • Active Top Secret clearance required, with willingness and ability to obtain a Counterintelligence (CI) polygraph.
  • BS/BA degree with 5+ years of relevant experience, or 9 years of relevant experience with no degree. Advanced certifications, specialized training, or equivalent hands-on experience may be considered in lieu of years of experience.
  • Experience performing host-based forensic analysis utilizing Splunk.
  • Experience analyzing network traffic, packet capture (PCAP), and NetFlow data.
  • Hands-on experience with industry-standard forensic tools such as Splunk, EnCase, Magnet AXIOM, and X-Ways Forensics.
  • Understanding of cyber intrusion methodologies, attacker kill chains, malware behavior, and forensic artifact analysis.
  • Experience correlating threat indicators and investigative data to support attribution and operational analysis.

Responsibilities

  • Process, evaluate, and analyze digital network communications and cyber threat data to identify malicious activity and support investigative operations.
  • Conduct cyber intrusion investigations and end-to-end kill chain analysis across host and network environments.
  • Perform host-based forensic analysis leveraging Splunk and standard forensic toolsets to identify indicators of compromise, attacker activity, persistence mechanisms, and unauthorized access.
  • Analyze packet capture (PCAP) and NetFlow data to identify malicious communications, software usage, command execution, credential activity, and network-based indicators of compromise.
  • Correlate digital artifacts including IP addresses, URLs, malware indicators, system logs, and user activity across multiple data sources to support attribution and investigative lead generation.
  • Analyze encrypted and plaintext credentials, registry artifacts, rootkit activity, command-line execution, and other system-level forensic evidence.
  • Draft detailed technical reports and analytical findings based on cyber investigations while participating in internal review and quality assurance processes.
  • Support development and refinement of cyber analysis processes, CONOPS, SOPs, and investigative methodologies.
  • Conduct open-source and intelligence community research to maintain awareness of emerging cyber threats, malware trends, and adversary tactics, techniques, and procedures (TTPs).
  • Collaborate with internal teams and mission partners across the intelligence community to support tactical and strategic cyber operations.
  • Provide operational updates and analytical findings to leadership and investigative stakeholders.
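The host/network correlation described in the responsibilities above (joining persistence and command-line artifacts from a host with NetFlow records from the same machine to produce an investigative lead) is illustrated by the following added example. It is not part of the posting and not Amatriot's or DoJ's tooling; the host events, host-to-IP mapping, NetFlow records, hostnames, users, and the beacon-regularity threshold are all constructed for illustration.

```python
"""Correlate host forensic artifacts with NetFlow records to surface a
persistence-plus-beaconing chain on one host.

Added illustration only. HOST_EVENTS, HOST_IPS and FLOWS are constructed
sample data, not records from any real investigation.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed host-based artifacts, as they might come out of an EDR or Splunk export.
HOST_EVENTS = [
    {"host": "WS-0142", "ts": "2025-03-04T13:02:11", "user": "jdoe",
     "type": "process", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "WS-0142", "ts": "2025-03-04T13:02:14", "user": "jdoe",
     "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\jdoe\AppData\Roaming\upd.exe"},
    {"host": "WS-0142", "ts": "2025-03-04T13:05:00", "user": "jdoe",
     "type": "process", "cmdline": r"C:\Windows\System32\notepad.exe"},
    {"host": "WS-0077", "ts": "2025-03-04T13:10:00", "user": "asmith",
     "type": "process", "cmdline": r"C:\Program Files\Git\bin\git.exe pull"},
]
HOST_IPS = {"WS-0142": "10.20.5.42", "WS-0077": "10.20.5.77"}  # constructed asset inventory

# Constructed NetFlow-style records: (timestamp, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("2025-03-04T13:03:00", "10.20.5.42", "203.0.113.25", 443, 1250),
    ("2025-03-04T13:08:01", "10.20.5.42", "203.0.113.25", 443, 1198),
    ("2025-03-04T13:13:00", "10.20.5.42", "203.0.113.25", 443, 1302),
    ("2025-03-04T13:17:59", "10.20.5.42", "203.0.113.25", 443, 1221),
    ("2025-03-04T13:23:00", "10.20.5.42", "203.0.113.25", 443, 1277),
    ("2025-03-04T13:04:12", "10.20.5.77", "198.51.100.10", 443, 48210),
    ("2025-03-04T13:31:40", "10.20.5.77", "198.51.100.10", 443, 9911),
]

# Registry Run key writes are a classic user-level persistence mechanism.
PERSISTENCE_KEY = re.compile(r"\\CurrentVersion\\Run", re.I)
# Hidden-window, no-profile or encoded PowerShell is a common loader pattern.
SUSPICIOUS_CMD = re.compile(r"powershell.*(-enc|-e\b|-w hidden|-nop)", re.I)


def ts(s):
    return datetime.fromisoformat(s)


def find_host_indicators(events):
    """Return host events that look like persistence or suspicious execution."""
    hits = []
    for e in events:
        if e["type"] == "registry" and PERSISTENCE_KEY.search(e["key"]):
            hits.append({**e, "tag": "persistence:run-key"})
        elif e["type"] == "process" and SUSPICIOUS_CMD.search(e["cmdline"]):
            hits.append({**e, "tag": "execution:encoded-powershell"})
    return hits


def find_beacons(flows, min_flows=4, max_jitter=0.2):
    """Group flows by (src, dst, dport) and flag tuples whose inter-flow
    intervals are regular: coefficient of variation <= max_jitter (assumed threshold)."""
    by_tuple = defaultdict(list)
    for t, src, dst, dport, _ in flows:
        by_tuple[(src, dst, dport)].append(ts(t))
    beacons = []
    for (src, dst, dport), times in by_tuple.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "first_seen": times[0], "period_s": round(mean),
                            "n": len(times)})
    return beacons


def correlate(events, flows, host_ips, window=timedelta(minutes=10)):
    """Join each beacon candidate back to host indicators on the same machine
    that occurred within `window` before the first beacon; each match is a lead."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    host_hits = find_host_indicators(events)
    leads = []
    for b in find_beacons(flows):
        host = ip_to_host.get(b["src"])
        related = [h for h in host_hits if h["host"] == host
                   and b["first_seen"] - window <= ts(h["ts"]) <= b["first_seen"]]
        if related:
            leads.append({"host": host, "c2": f'{b["dst"]}:{b["dport"]}',
                          "period_s": b["period_s"],
                          "tags": sorted({h["tag"] for h in related}),
                          "users": sorted({h["user"] for h in related})})
    return leads


if __name__ == "__main__":
    for lead in correlate(HOST_EVENTS, FLOWS, HOST_IPS):
        print(lead)
```

On the constructed data this yields one lead: WS-0142 (user jdoe) wrote a Run key and launched encoded PowerShell roughly a minute before a 300-second-period connection pattern to 203.0.113.25:443 began, while WS-0077's two large transfers never reach the flow-count threshold. The two-transfer case is the caveat worth noting in a report: bulk exfiltration does not look like beaconing, so a regularity check like this one is a lead generator, not a complete detection.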