The Mid-Level Cyber Watch Analyst conducts research and evaluates technical and all-source intelligence with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to networked weapons platforms and customer information networks. Analyzes network events to determine the impact on current operations and conduct all-source research to determine advisory capability and intent. Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research and analysis of classified and open source information. Correlates threat data from various sources. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations. Collects data using a combination of standard intelligence methods and business processes. Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and network operations officials.
Candidates must already possess a current and active TS/SCI with Poly clearance to be considered for this position.
- 12-hour Day Shift schedule on the Computer Incident Response Team (CIRT) Watch Floor
- Collaborate between CIRT elements as necessary during incident detection and response stages
- Respond promptly to all request for support whether telephonic, via e-mail or instant messenger
- Create releasable finished intelligence products and reports for the IC as well as IC Senior Leadership
- Maintain incident case management database for all reported incidents
- Analyze incidents and events captured in the Case Management Database for trends, patterns, or actionable information
- Review incidents and events captured in the Case Management Database after closure for investigative sufficiency and timeliness
- Leverage existing business processes and document new repeatable business processes and procedures where necessary
- Research external information on events, incidents, outages, threats, and technical vulnerabilities
- Coordinate and disseminate the best course of action for the IC enterprise during cybersecurity events, incidents, outages, threats and technical vulnerabilities with IC-IRC fusion analysis team
- Assess incidents to identify type of attack, collect evidence, and assess impact
- 1-3 years of Cyber Threat Analysis experience
- Experience working within a Security or Network Operations Center
- Experience working with Security incident and event management
- Demonstrated proficiency in Windows and Linux environments
- Demonstrated experience with drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis
- BS degree in Cybersecurity, Information Security, Information Technology, Computer Science/Engineering, Network Engineering, or Computer forensics
- Demonstrated proficiency with at least one of the following tools/techniques: ArcSight ESM, Splunk Enterprise, FireEye, SolarWinds, Remedy, and/or McAfee ePolicy
- Relevant Certifications: Security +, CySA+, CASP+, CEH, CISSP, GCIA, Splunk Certified User
We are an Equal Opportunity/Affirmative Action Employer.
We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law. Equal Opportunity Employer Minorities/Women/Vets/Disabled.