Secure our Nation, Ignite your Future
The Cyber Intel Analyst will review raw NetFlow data and identify any malicious cyber activity directed towards any DON entity or partnered organizations. Process and enrich information to ensure timely, actionable, high-confidence IOCs are ingested and shared with key stakeholders. Will be required to manage and orient internal and external sources of intelligence, review threat reports/feeds, and digest threat information into cyber threat intelligence products. Moreover, the analyst must also aid/guide NCIS cyber analysts in threat hunting as well as counterintelligence operations. Furthermore, you must be able to guide/mentor junior cyber threat intelligence analysts. The analyst will perform cyber intelligence analysis and develop raw intelligence products by collaborating intelligence reporting, open source data, and information derived from a custom, classified system which is based on a proprietary configuration to support investigations, operations, and intelligence production. Responsible for collecting, reviewing, interpreting, evaluating, and integrating information from multiple sources to assess the relevance and significance of developments in assigned area(s) and preparing complex intelligence products including briefings, summaries, reports, studies, assessments, and estimates.
Knowledge of advanced cyber threats, threat vectors, and attacker methodology, to include tools, tactics, and procedures, and how they tie into the Cyber Kill Chain or ATT&CK framework, Diamond Model, etc. The analyst will identify indicators of compromise (IOCs), evaluate identified attacks through NetFlow analysis to determine cyber threats, identify campaigns, profile cyber threat actors, and track cyberspace activities.
Support counterintelligence investigations and operations involving a Federal Law Enforcement agency.
Ability to produce quality finished intelligence products for short deadlines, as well as continuing to maintain analysis for and report on long term strategic assessments.
Responsible for collecting, reviewing, interpreting, evaluating, and integrating information from multiple sources to assess the relevance and significance of developments in your assigned area(s), and preparing complex intelligence products including briefings, summaries, reports, studies, assessments, and estimates.
Report on underlying patterns of behavior by conducting detailed analysis of incidents, threats and risks and associated impacts and consequences, vulnerabilities, tactics, techniques and procedures (TTP), and other malicious and non-malicious indicators.
Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
Develop operational-level trends analysis products that leverage customer internal data repositories, classified and unclassified open source reporting to provide situational awareness of emerging cyber threat and risk trends to customer partners, stakeholders, and customers.
Responsible for maintaining liaison with personnel in other intelligence agencies, law enforcement organizations, military intelligence services, and allied foreign governments to discuss analysis, production, and collection requirements and provide information as appropriate.
Track and manage internal and external requests for information (RFIs) and requests for analysis (RFAs) for the organization and produce weekly, monthly, quarterly, and annual performance metrics reports.
Perform executive level intelligence analysis and production tasks using intelligence reporting, open source data, and information derived from a custom, classified system which is based on a proprietary configuration to support investigations, operations, and intelligence production.
Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers.
Key Qualifications Required:
Bachelor’s degree and minimum of four (4) years of cyber threat hunting familiarity with network log analysis
In-depth analysis of NetFlow, DNS, Web Detail, Email Data, and the TCP three-way handshake process.
Possess effective verbal and written communication skills and the ability to produce activity- and national-level intelligence products and provide high-level briefs.
In-depth knowledge of DomainTools, VirusTotal, Chameleon, Maltego, and experience utilizing managed attribution accounts.
Proactively identify and assess potential Foreign Intelligence Entity (FIE) information; ability to disseminate through formal reporting and provide operational level recommendations.
Knowledge of the terminologies, methodologies, and IC-level research and analytical techniques as applied to highly complex assignments in counterintelligence and criminal intelligence analysis.
Identifies intelligence gaps, specifies collection requirements to fill gaps, and develops analytical tools and methodologies to cope with the gaps.
Possesses ability to leverage and exploit social media, and a variety of commercial and government open source databases.
In-depth understanding of Intelligence Community analytic tradecraft.
Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection).
Can identify/prioritize relevant collection requirements/gaps in response to supply chain threats to the DON.
DIA analytical writing tradecraft
GIAC Cyber Threat Intelligence (GCTI)
Attended JCITA – CIRDAC course
Publicly Available Information (PAI) analysis experience
Familiarity with general academic databases and scientific journals and repositories
Education and Experience: Bachelor's Degree or equivalent. 7 to 9 years of relevant work experience.
Physical Requirements: Sedentary Work
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click email@example.com and provide your name and contact information.