Cybersecurity Analyst (CDAP) - Journeyman

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a Cybersecurity Analyst (CDAP) - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this Task 3 role supporting Cybersecurity Operations Support, the Analytic Developer/Insider Threat Analyst develops, implements, and tunes analytic rules and detection logic to identify anomalous user activity, insider threat indicators, and high-risk behavioral patterns across ARNG enterprise environments. The position correlates data from multiple security and user activity sources, performs alert triage and investigative analysis, documents findings with supporting evidence, and supports case development and reporting in coordination with SOC/CIRT, CTIC, defensive cyber, and security engineering teams to strengthen Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. This role directly supports the ARNG mission to deliver and defend DoDIN services for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The analyst contributes to a 24x7x365 cybersecurity operations environment that coordinates with the NETCOM Global Cyber Center and DISA DCDC and leverages ARNG’s Unified Security Information & Event Management (USIEM) analytics ecosystem, integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based detections, Zeek metadata, Sysmon-informed monitoring, EDR, SOAR, and continuous monitoring processes to improve visibility, detection fidelity, and response across classified and unclassified network environments.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: Secret Eligible
  • Required Certifications: DCWF Work Role 462-Control Systems Security Specialist — Basic proficiency; must hold ONE OR MORE of the following: DAF 462 (Basic) (ICS)
  • 3+ years of experience in cybersecurity
  • Experience developing and tuning detection logic or analytic content for anomalous activity, behavioral indicators, or insider threat use cases.
  • Experience correlating data from multiple security or user activity sources to support alert triage, investigative analysis, and documented findings.
  • Ability to produce clear investigative documentation, supporting evidence, and reporting suitable for case development and stakeholder review.
  • Experience coordinating with incident response, security operations, cyber intelligence, or security engineering teams to validate findings and improve detection outcomes.
  • Familiarity with continuous monitoring objectives, RMF-aligned security operations, and documenting artifacts that support ongoing cybersecurity compliance.
  • Experience working within enterprise cybersecurity operations supporting classified and unclassified environments.

Responsibilities

  • Develop, implement, and tune analytic rules, correlation logic, and behavioral detections to identify anomalous user activity, insider threat indicators, and high-risk patterns across ARNG enterprise environments.
  • Correlate data from multiple security and user activity sources to support triage, investigation, and evidence-based analysis of alerts, suspicious behaviors, and potential insider threat activity.
  • Perform in-depth alert analysis and document investigative findings, recommended actions, and supporting artifacts for case development, reporting, and follow-on response activities.
  • Coordinate with SOC, CIRT, CTIC, defensive cyber, and security engineering personnel to validate findings, refine detection content, and support escalation through Tier 2 incident, problem, and change processes as appropriate.
  • Create and improve MITRE ATT&CK-based analytics within the ARNG USIEM environment to enhance threat-informed detection and centralized visibility.
  • Support integration and refinement of detections using relevant enterprise data sources identified in ENOCS operations, including SIEM/C2C/DLP analytics, Zeek metadata, Sysmon-based monitoring, EDR telemetry, and baseline/trend analysis.
  • Coordinate with USIEM engineers and AESS-aligned endpoint security stakeholders to improve enabling data sources, detection coverage, and analytic effectiveness across classified and unclassified enclaves.
  • Ensure analytic development and investigative activities align with DoD and ARNG cybersecurity policy, insider threat program requirements, RMF controls, eMASS evidence expectations, and continuous monitoring objectives.
  • Contribute to reporting and governance activities that strengthen cyber defense across the DoDIN-Army-NG AOR and support coordination with NETCOM, ARCYBER, USCYBERCOM, and RCC stakeholders when required.