Cybersecurity Threat Analyst - Journeyman

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a Cybersecurity Threat Analyst - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3 — Cybersecurity Operations Support by analyzing emerging threats, correlating security telemetry, identifying risk trends, and producing findings that strengthen proactive cyber defense across the ARNG enterprise. The Cybersecurity Threat Analyst works closely with SOC, cyber threat intelligence, and defensive cyber personnel to refine detections, support continuous monitoring, and provide reporting that informs incident analysis, compliance activities, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) within the DoDIN-Army-NG area of responsibility.

This position directly supports ARNG’s mission to deliver secure DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions.

The role operates within a technical environment that includes classified and unclassified network environments, SIPRNet and NIPRNet operations, and integrated cyber defense capabilities such as USIEM analytics, EDR, IDS/IPS event monitoring, DLP analytics, Zeek metadata, Sysmon-based monitoring, and MITRE ATT&CK-based detection analysis. The analyst’s work contributes to operational readiness, mobilization support, domestic emergency response, and coordination with enterprise cyber stakeholders including the NETCOM Global Cyber Center and DISA DCDC.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: Secret Eligible
  • Required Certifications: DCWF Work Role 212-Cyber Defense Forensics Analyst — Advanced proficiency; must hold ONE OR MORE of the following: GREM, CFR, CySA+, GCFA, GCFE, PenTest+
  • 3+ years of experience in cybersecurity
  • Master's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Experience analyzing threat activity, security events, and operational indicators to identify trends, risks, and potential malicious activity.
  • Experience producing written analytical findings, recommendations, and reporting suitable for operational and compliance stakeholders.
  • Experience supporting threat research, event correlation, and detection improvement activities in coordination with cybersecurity operations teams.
  • Familiarity with continuous monitoring practices in support of DoD or ARNG cybersecurity policy requirements.
  • Ability to correlate data from multiple security sources to support incident analysis and proactive defense activities.
  • Experience working in environments that support both classified and unclassified network operations.
  • Ability to document analysis in a clear, auditable manner that supports operational follow-through and compliance reporting.

Responsibilities

  • Analyze emerging cyber threats, attack patterns, and security telemetry to identify operational risk trends affecting ARNG classified and unclassified network environments.
  • Correlate threat intelligence with security events, indicators, and operational data to support proactive defense across Task 3 — Cybersecurity Operations Support.
  • Support refinement of detection content and analytic logic in coordination with SOC, cyber threat intelligence, and defensive cyber teams.
  • Develop findings, recommendations, and written threat reporting that support continuous monitoring requirements and alignment with DoD and ARNG cybersecurity policy.
  • Perform event correlation and pattern analysis using available enterprise data sources, including USIEM analytics, EDR, IDS/IPS events, DLP analytics, Zeek metadata, and Sysmon-derived monitoring.
  • Apply MITRE ATT&CK-based analytic approaches to help identify adversary tactics, techniques, and procedures and improve threat-informed detection coverage.
  • Coordinate with operational stakeholders, including the NETCOM Global Cyber Center and DISA DCDC, as required to support shared situational awareness across the DoDIN-Army-NG area of responsibility.
  • Document threat analysis results, recommended actions, and supporting evidence for use by SOC analysts, incident response personnel, and cybersecurity leadership.
  • Contribute to continuous monitoring and compliance reporting by producing accurate, traceable analysis that supports broader RMF and cybersecurity operations objectives.