Full Time Employee Contractor
We?re currently looking to hire a full-time Threat Intelligence Analyst to join our team! In this role you will be responsible for researching and providing insight and intelligence on new and existing cyber threats. You will be part of a small team that is passionately working to identify adversary attempts to compromise our network! You will also support our engineering team and fellow security analysts by providing expert analysis and insight into attack campaigns and threats to better inform engineering and design decisions.
- Active TS/SCI Clearance with POLY
- A bachelor?s degree or equivalent experience in computer engineering, computer science, or other closely related IT discipline.
- Strong analytical and problem solving skills.
- Progressively responsible experience in cyber security analysis, incident response, or related experience
- Good interpersonal, organizational, writing, communications and briefing skills.
- 8570-compliant IATLevel I or CND-A
- Previous experience as Threat Researcher and/or Intelligence Analyst
- Research experience in tracking cyber threat and malware campaign activity
- Tool agnostic ability to conduct preliminary malware analysis.
- Ability to create, modify, and implement both Snort and YARA signatures.
- Prior experience in network forensics with an emphasis on detecting malicious activity using network traffic
- Strong understanding of Operating Systems and Network Protocols
- Strong scripting and task automation skills
- Experience doing dynamic malware analysis
If the candidate meets all of the qualifications, skills and experience for this labor category, but lacks a bachelor?s degree, then eight to ten (8 to10) years of relevant work experience may be substituted for a bachelor?s degree.
Cyber Threat Analysts work together as a team to develop skills, sources, and methods to provide the best possible cyber defense capability to protect Government IT assets from all manner of cyber
threats, attacks, and exploitation. Analysts demonstrate on a daily basis the skills necessary to stay abreast of the latest threats and issues, develop profiles on bad actors, short and long-term campaigns, develop new and effective signatures and correlation rules, dashboards, filters, aggregation, and develop useful daily, weekly,monthly and annual reports.
Specific tasks may include but are not limited to the following:
· Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
· Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
· Piece together intrusion campaigns, threat actors, and nation-state organizations
· Manage, share, and receive intelligence on APT adversary groups
· Generate intelligence from their own data sources and share it accordingly
· Identify, extract, and leverage intelligence from APT intrusions
· Expand upon existing intelligence to build profiles of adversary groups
· Leverage intelligence to better defend against and respond to future intrusions.
· Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the enterprise.
· Create and add custom signatures,to mitigate highly dynamic threats to the enterprise using the latest threat information obtained from multiple sources.
· Conduct initial dynamic malware analysis on samples obtained during the course of an investigation or hunt operation in order to create custom signatures
· Develop and produce reports on all activities and incidents to help maintain day to day status, develop and report on trends,and provide focus and situational awareness on all issues. Reports shall be produced on a daily, weekly,monthly, and quarterly basis capturing and highlighting status, preparedness,and significant issues.
· Correlate data from intrusion detection and prevention systems with data from other sources such as firewall,web server, and DNS logs.
· Notify the management team of significant changes in the security threat against the government networks in a timely manner and in writing via established reporting methods.
· Coordinate with appropriate organizations within the intelligence community regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, maintain the current list of coordination points of contact.
· Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
· Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
· Other Cyber Defense Duties as assigned.
To apply for this job, contact: