Lead Cyber Fusion Analyst

About The Position

Requirements

• Active DoD TS/SCI Clearance and eligible for polygraph.
• DoDD 8570 IAT Level II Certification (SEC+, CySA, GICSD, etc.).
• Bachelor’s degree in related discipline and 12+ years of related experience. Additional experience may be accepted in lieu of degree.
• Strong communications and interpersonal skills.
• Proficient in Microsoft Office applications (Word, Excel, Outlook, PowerPoint).
• Proficient in Windows 7/8/10/11.
• Ability to work in a virtual environment like Microsoft Teams.
• Experience working with members of the Intelligence Community (IC) and knowledge and understanding of Intelligence processes.
• In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.
• Proficiency with datasets, tools and protocols that support analysis (e.g. Splunk, CMRS, VDP, passive DNS, Virus Total, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Arcsight, etc.).
• Experience with IC repositories (Pulse, TESTFLIGHT, etc.)
• Experience with various open-source and commercial vendor portals, services and platforms that provide insight into how to identify and/or combat threats or vulnerabilities to the enterprise.
• Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs).

Nice To Haves

• Experience with the DODIN and other DoD Networks.
• Familiarity with DoD portals and tools (RAMs, IKE, JCC2, etc.)
• Experience with proprietary OSINT Sources (Mandiant, Recorded Future, Shodan, etc.)
• Skilled in building extended cyber security analytics (Trends, Dashboards, etc.).
• Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
• Experience in intelligence driven defense and/or Cyber Kill Chain methodology.
• IAT Level III or IAM Level II+III Certifications

Responsibilities

• Lead the DCDC Fusion Analyst team including employee engagement, training, performance reviews, and all other Leidos employee needs.
• Includes mentoring, assigning and reviewing work and planning/scheduling to ensure milestones are completed in accordance with the program work statement.
• Identify problems, determine accuracy and relevance of a broad range of technical information.
• Use sound judgment to generate, evaluate, and execute alternative courses of action.
• Produce timely, effective, decision-quality technical recommendations to support senior leadership.
• Serve as a lead for planning, coordination, implementation, validation, mitigation, and compliance of cyber operations/intel security tasks.
• Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
• Support the development of Cyber Fusion standard operating procedures (SOPs), and Cyber Fusion Framework and Methodology based on industry best practice and department of defense instruction, guidance, and policy.
• Identify threats to the enterprise and provide mitigation strategies to improve security and reduce the attack surface.
• Perform analysis by leveraging serialized threat reporting, intelligence product sharing, OSINT, and open-source vulnerability information to ensure prioritized plans are developed.
• Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to the enterprise operational environment.
• Discover adversary campaigns, anomalies and inconsistencies in sensor and system logs, SIEMs, and other data.
• Analyze and track vulnerability disclosure program (VDP) incidents as it relates to intelligence reporting.
• Identify, investigate and rule out system compromises, with the capacity to provide written analytic summaries and attack life cycle visualizations.
• Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
• Offer recommendations to adjust enterprise or tactical countermeasures to for threats impacting the DODIN.
• Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends.
• Provide guidance regarding the use of OSINT techniques in the pursuit of investigatory requirements.
• Perform quality assurance duties on behalf of JDOC leadership, ensuring that SIGACTs are compliant with JDOC policies, as well as ensuring that all information is captured before closure.

Benefits

• Pay and benefits are fundamental to any career decision.
• That's why we craft compensation packages that reflect the importance of the work we do for our customers.
• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.
• More details are available here.