Threat Analyst (I&W) with Splunk

About The Position

Requirements

• A Bachelor’s degree and 9 years of relevant experience. An additional 4 years of experience may be substituted in lieu of the degree requirement.
• Must either possess and maintain, or obtain prior to start date, one of the following professional certifications: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, SSCP.
• Experience with Splunk SIEM.
• Experience leveraging the MITRE ATT&CK matrix or other threat models (e.g. Lockheed Martin Kill Chain, Diamond Model).
• Knowledge or experience tracking advanced persistent threats (APTs).
• Knowledge or experience pivoting from IOCs to identify related infrastructure.
• Familiarity with threat detection tools
• Knowledge of cloud security and threats targeting cloud environments
• An understanding of network protocols and systems
• Experience developing predictive models to anticipate future cyber threats and recommending preemptive measures
• Experience working in a classified environment or with government agencies
• Experience providing intelligence support during active cyber incidents, including attribution analysis and adversary profiling
• Experience assisting in post-incident reviews to identify lessons learned and improve threat detection capabilities
• Demonstrated excellent written communication skills with the ability to communicate technical topics in an analytic fashion.
• Excellent verbal communication skills, especially in being able to brief individual as well as large groups ranging from the working to executive level.
• Ability to work independently as well as with a team of other analysts.
• Active U.S. Passport and the ability to travel up to two weeks at a time, both foreign and domestically.
• U.S citizenship required.
• An active Top Secret security clearance with SCI eligibility.

Responsibilities

• Be a key part of the Indications and Warnings team.
• Leverage open-source, proprietary/vendor, and classified reporting to closely track advanced persistent threat actor activity.
• Perform pattern, trend, and behavior analysis, as well as other specialized analysis techniques to identify malicious cyber threat activity targeting DOS information, systems and personnel.
• Maintain records to catalog and track malicious cyber threat activity targeting DOS information, systems and personnel.
• Identify Indicators of Compromise (IOCs) present on an Enterprise network through the use of a SIEM and other security tools and logs.
• Liaise with members of the Intelligence Community (IC).
• Acts as the fusion analysis cell within Cyber Threat Analysis Division (CTAD).
• Provide presentations to a variety of technical and non-technical audiences pertaining to cyber threats.
• Monitor geopolitical developments and emerging technologies to assess their potential impact on the threat landscape
• Correlate threat intelligence with internal security events to identify patterns and potential vulnerabilities
• Role will require up to 10% travel to foreign and domestic locations.