Cyber Threat and Intelligence Analyst
Location: Leesburg, VA
Clearance Level
The Cyber Threat and Intelligence Analyst is an expert in hacker/hacktivist group capabilities and intentions, and nation-state sponsored CNE (computer network exploitation) and CNA (computer network attack) targeting the US Critical Infrastructure.
This position supports a Civilian Agency Cyber Security Operations Center (SOC) organization protecting the network security of tens of thousands of users. The work site is located in Leesburg, Virginia. This position requires the ability to identify potential threats based on agency utilized hardware and software. The Focused Operations analyst shall be knowledgeable of current and evolving hacking tools and methodologies available to disrupt these systems.

The Focused Operations analyst responsibilities include:
- Contribute to daily operational update meetings for SOC staff and unscheduled situational update briefings for FAA leaders as necessary.
- Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
- Reference applicable departmental and operating administration policies in work products.
- Recommend sound remediation and recovery strategies, suggest defensive policy enhancements and information technology procedures.
- Access, secure and inspect classified information processing areas.
- Assist DOT and FAA law enforcement and counterintelligence offices with cyber investigations.
- Provide forensic and network analysis, primarily EnCase Enterprise and RSA Security Analytics/NetWitness.
- Threat detection and trend analysis.
- Understand and convey the lifecycle of network threats, attack vectors, and network vulnerability exploitation.
- Maintain awareness of directives, orders, alerts, and messages.
- Provide content for FAA and DOT shared situational awareness mechanisms, i.e., websites, blogs, and Wikipedia-style mechanisms.
- Maintain relationships with Intelligence Agencies, Law Enforcement (LE), and US Government organizations.
- Maintain situational awareness of cyber activity in the Information Technology (IT) by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.
- Develop indicators of compromise and context for content creation, utilizing FireEye, ArcSight, and Splunk.
- Search for anomalous activity and investigate to provide identification; produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk.
- Use customer, community, and open source reporting.

Qualities/Additional info:
Shift is Monday-Friday, 10A-6P.
Focused Operations analysts should be proven team players with excellent oral and written communications skills, and a fine attention to detail. Focused Operations analysts should also be self-starters, capable of working on projects independently, if required. Extremely effective oral and written communications skills are a must, in order to present strategy, scripting output and status information to the client in both formal and informal review settings. Frequent interaction with government client is required. Occasional local travel. Infrequent (
- Bachelor's degree desired, but not required.

Preferred Experience:
- Experience with information security devices (e.g., firewalls and intrusion detection/prevention systems) and applications (e.g., security information management tools such as Splunk, NetWitness, ArcSight).
- Technical expertise in the capabilities and techniques of hacker/hacktivist groups, criminal syndicates, and advanced persistent threats conducting computer network exploitation and attacks against the U.S. government resources and critical infrastructure.
- Familiar with signatures, tactics, techniques and procedures associated with preparation for and execution/implementation of such attacks, especially Sourcefire/Snort/Firepower.
- Experience with intelligence briefings.
- Experience with threat analysis.
- Experience with intelligence products.
- Experience with early indications and warnings.
- Experience with Open Source intelligence techniques.
- Experience working in a network security incident response team, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).

Level of Clearance Required: Department of Defense Secretship required