DCO Analyst - SME

About The Position

Requirements

• 6+ years of DCO experience in a DoD environment
• 5+ years hands-on experience with APT detection, threat hunting, or intrusion analysis
• 3+ years developing and delivering technical training for cyber operations personnel
• Demonstrated experience with SIEM, EDR, NDR, and threat intelligence platforms
• Background in operational cyber defense (e.g., SOC, DCGS-A/N, JFHQ-DODIN, etc.)
• Deep understanding of APT tactics, techniques, and procedures (e.g., MITRE ATT&CK framework)
• Proficiency with data analytics platforms, such as Splunk, ELK Stack, Chronicle, Sentinel, or similar
• Experience with threat intelligence integration and operationalization
• Knowledge of packet analysis, log correlation, and behavioral analytics
• Familiarity with scripting/query languages, such as SPL, KQL, SQL, Python
• Excellent problem-solving skills, to include analytical and troubleshooting abilities, with a strong attention to detail
• Travel 20% of the time to meet with customers and perform on-site support activities
• Active TS/SCI with Poly is required

Nice To Haves

• Experience with DoD requirements development processes
• Background supporting USCYBERCOM, Service Cyber Components, or NSA/CSS
• Prior military cyber operations experience (e.g., 17X, 1B4, CTN, 17C, etc.)
• Experience with learning management systems and training effectiveness measurement
• Knowledge of adult learning principles and instructional design
• Familiarity with Agile/SAFe methodologies for capability delivery

Responsibilities

• Design role-based training curriculum for cyber analysts, threat hunters, and incident responders using APT detection tools managed by PdM MCCO on behalf of MFCC
• Develop hands-on lab exercises using realistic APT scenarios and adversary emulation
• Create quick reference guides, playbooks, and standard operating procedures
• Establish and support train-the-trainer programs for distributed training across commands
• Provide embedded support during initial operational capability (IOC) periods
• Conduct over-the-shoulder mentoring during live threat hunting operations
• Lead complex investigation walkthroughs demonstrating advanced analytical techniques
• Facilitate after-action reviews that identify training reinforcement needs
• Support operational testing and validation of new detection capabilities
• Develop use cases and detection logic for high-priority threat scenarios
• Optimize query performance and search efficiency for operational tempo
• Train analysts on statistical methods, anomaly detection, and pattern recognition
• Bridge communication between data engineers and operational analysts

Benefits

• medical
• dental
• vision
• paid time off
• 401(k)
• life insurance
• flexible work schedules
• holidays