About The Position

Peraton is currently searching for a Junior Cyber Incident Analyst - Notification Specialist - for our Federal Strategic Cyber program. In this position, you will serve as the Notification Specialist monitoring and reviewing multiple data sources, including intelligence, media, and law enforcement reporting, to identify cybersecurity incidents, threats, and vulnerabilities on behalf of CISA. You will provide classified and unclassified cyber risk briefings and activity updates, to include but not limited to civilian government agencies and community stakeholders. You will manage incident triage and coordination with analysis and detection sections to identify and analyze technology and cyber impacts to IT assets and network infrastructure (LAN/WAN), including applying security controls and ensuring proper incident management and coordination. You will apply MITRE ATT&CK framework knowledge to map observed adversary behaviors, techniques, tactics, and procedures (TTPs) during incident triage and analysis, supporting accurate threat characterization and reporting. You will conduct on-site IP triage activities to identify and attribute ownership of IP addresses involved in incidents, leveraging WHOIS, ARIN/RIPE/APNIC registries, passive DNS, and other OSINT tools to support accurate scoping and stakeholder notification. You will organize, support, and manage the containment, investigation, and remediation efforts regarding incidents. You will perform quality assurance of targeted notifications ticket actions and ticket submissions. You will monitor, respond, and catalog targeted notification section emails as applicable. You will submit tickets as necessary to assist with keeping the triage console free of backlogs. You will support incident response engagements and partner with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets. 
You may be required to coordinate with external organizations, authorities, and senior-level leadership. You will utilize excellent communication skills — both verbal and written — to interface with a variety of stakeholders.

Requirements

  • Bachelor's degree and a minimum of 3 years of experience.
  • An additional 4 years of experience may be substituted in lieu of degree.
  • Demonstrated understanding of cyber-attacks and how they impact IT systems.
  • Working knowledge of the MITRE ATT&CK framework, including the ability to identify and map adversary TTPs to ATT&CK tactics and techniques during incident triage and reporting.
  • Demonstrated experience performing IP triage and ownership attribution, including use of WHOIS lookups, Regional Internet Registry (RIR) databases (ARIN, RIPE, APNIC), passive DNS analysis, and related OSINT methodologies to identify IP address owners and associated infrastructure.
  • U.S. Citizenship required.
  • Active Top Secret security clearance with the ability to obtain a TS/SCI.
  • The selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

Nice To Haves

  • DHS Suitability at the SCI level.
  • Help Desk / Call Center experience supporting end-users.
  • Experience using Shodan for system data analytics to identify vulnerable systems.
  • Familiarity with MITRE ATT&CK Navigator for threat visualization, layer creation, and adversary emulation planning.
  • Experience with IP intelligence platforms (e.g., Shodan, Censys, VirusTotal or similar) to enrich IP triage findings and support on-site attribution workflows.
  • Relevant certifications such as CompTIA CySA+, Security+, CEH, or equivalent demonstrating foundational knowledge of threat analysis and incident response methodologies.

Responsibilities

  • Serve as the Notification Specialist monitoring and reviewing multiple data sources, including intelligence, media, and law enforcement reporting, to identify cybersecurity incidents, threats, and vulnerabilities on behalf of CISA.
  • Provide classified and unclassified cyber risk briefings and activity updates, to include but not limited to civilian government agencies and community stakeholders.
  • Manage incident triage and coordination with analysis and detection sections to identify and analyze technology and cyber impacts to IT assets and network infrastructure (LAN/WAN), including applying security controls and ensuring proper incident management and coordination.
  • Apply MITRE ATT&CK framework knowledge to map observed adversary behaviors, techniques, tactics, and procedures (TTPs) during incident triage and analysis, supporting accurate threat characterization and reporting.
  • Conduct on-site IP triage activities to identify and attribute ownership of IP addresses involved in incidents, leveraging WHOIS, ARIN/RIPE/APNIC registries, passive DNS, and other OSINT tools to support accurate scoping and stakeholder notification.
  • Organize, support, and manage the containment, investigation, and remediation efforts regarding incidents.
  • Perform quality assurance of targeted notifications ticket actions and ticket submissions.
  • Monitor, respond, and catalog targeted notification section emails as applicable.
  • Submit tickets as necessary to assist with keeping the triage console free of backlogs.
  • Support incident response engagements and partner with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets.
  • May be required to coordinate with external organizations, authorities, and senior-level leadership.
  • Utilize excellent communication skills — both verbal and written — to interface with a variety of stakeholders.

Benefits

  • Overtime
  • Shift differential
  • Discretionary bonus

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Number of Employees

5,001-10,000 employees
