Cyber Threat and Operations Analyst

phia, United States

Experience: 1 Year
Salary: 0 - 0
Traveling: No
Telecommute: No
Qualification: Bachelor's Degree
Total Vacancies: 1 Job
Posted on: Mar 6, 2021
Last Date: Apr 6, 2021

Job Description


OVERVIEW: phia, LLC is seeking a highly skilled Cyber Threat Analyst to join our team of qualified, diverse individuals supporting the U.S. Department of Energy (DOE). DOE is responsible for the protection of vital national security information and technologies, representing intellectual property of incalculable value throughout nearly thirty sites and laboratories nationwide.

Are you interested in joining an amazing technical team providing cyber operations support to a variety of complex organizations?

This position is located in Washington, D.C. and requires an active DOE Q SCI.

Current pandemic rotating schedule: one week onsite, two weeks offsite.

DUTIES:

  • Advise on the uses of forensics, network vulnerability, and malware analysis to conduct both technical analysis of cyber threats and events as well as all-source analysis of cyber threats, their vectors, and capabilities.
  • Work with a variety of cyber defense and IT tools such as: Splunk, ElasticSearch, MISP, FireEye, Cisco Sourcefire, Palo Alto firewalls, Tanium, Snort, Bro, SolarWinds, Apache NiFi, and RedSeal.
  • Review and triage open-source, commercial, and classified threat intel/Indicators of Compromise.
  • Perform internal/external collaboration on threat and mission related requirements.
  • Identify and baseline current and emerging threat actor TTPs.
  • Provide support for attribution analysis of cyber organizations, programs, capabilities, motivations and intent to conduct cyberspace operations.
  • Apply a broad understanding of tactical to strategic level intelligence analysis of cyber threats, vectors, and actors in support of cyber defense and computer network operations.
  • Identify newly released vulnerabilities, exploits, and malware.
  • Coordinate response actions/recommendations with security operations and information assurance teams.
  • Advise the DOE-IN leadership on key developments.
  • Provide integrated cyber threat intelligence analysis support in the security operations center.
  • Use both open-source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious cyber activity and provide situational awareness of local, regional, and international cyber threats.

Requirements

REQUIRED QUALIFICATIONS:

  • Active Top Secret or Q clearance with an investigation within the last 5 years (sponsorship opportunities available for highly qualified candidates).
  • BA/BS in Computer Science, Information Security, or a related field or equivalent experience (two years of experience for each year of schooling).
  • 4-12 years of experience working in the areas of cyber, intelligence, information security, hunt, cyber operations, network forensics, insider threat, etc.
  • Excellent knowledge of a wide variety of security solutions and technologies, including: Linux, network architecture/implementation/configuration experience, firewall technologies, proxy technologies, anti-virus, spam and spyware solutions (gateway and SaaS), malware/security experience.
  • Be able to demonstrate expert level knowledge on how to enable indicator detection at every point along the kill chain.
  • Proven experience with data correlation and analysis across multiple intelligence source feeds, a Threat Intelligence Platform (TIP) (e.g. Analyst Platform, Anomali, ThreatConnect, etc.), and Splunk/Elastic to identify trends and patterns.
  • Knowledge and understanding of the MITRE ATT&CK framework with associated tactics, techniques and tools for attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
  • Experience researching events in multiple network and host-based security applications.
  • Possess analytical skills to make efficient and acceptable decisions.
  • Familiarity with common network vulnerability/penetration testing methodologies and tools.
  • Experience analyzing commercial and open source intelligence feeds, adding context, and sharing key findings through executive briefings.
  • Preferred background with knowledge in incident response with experience in threat analysis.
  • Effective oral and written communication skills to interact with constituents and other teams.
  • Must be highly motivated with the ability to self-start, prioritize assignments, and work in a collaborative team environment.

PREFERRED QUALIFICATIONS:

  • 10+ years of related technical experience working in cyber operations, threat intelligence or analysis
  • CERTIFICATIONS: one or more preferred GCIH, GCFE, RHCE, CPTE, or CEH
  • MA/MS in computer science, info

phia

Information Technology and Services - Suitland, United States