Cyber Fusion Analyst (TS/SCI Required)
Fort Meade, MD
Job Id:
116089
Job Category:
Job Location:
Fort Meade, MD
Security Clearance:
TS/SCI
Business Unit:
Zachary Piper
Division:
Zachary Piper Solutions
Position Owner:
Madeline Carinci
Position: Cyber Fusion Watch Officer (DNEA or TDNA)
Location: Fort Meade, MD
Shifts:
- Team 1: 0500 – 1500/Monday – Thursday (Not usually available)
- Team 2: 1300 – 2300/Monday – Thursday
- Team 3: 2100 – 0700/Monday – Thursday
- Team 4: 0420 – 1730/Friday – Sunday
- Team 5: 1620 – 0530/Friday – Sunday
Overview:
We are seeking a qualified individual to fulfill the role of Cyber Fusion Watch Officer at our Fort Meade, MD location. The position involves providing support to the Joint Force Headquarters-DoD Information Network (JFHQ-DODIN), contributing to network operations, and defensive cyber operations for the United States Cyber Command in alignment with DoD objectives.
Key Responsibilities:
- Utilize diverse network monitoring tools to detect and analyze cyber adversary activities, employing methods such as netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data.
- Contribute to the development of Cyber Fusion standard operating procedures (SOPs) and framework based on industry best practices, Department of Defense instructions, and guidance.
- Identify and assess threats to the enterprise, recommending mitigation strategies to enhance security and minimize the attack surface.
- Conduct analysis using serialized threat reporting, intelligence sharing, OSINT, and open-source vulnerability information to develop prioritized plans.
- Analyze and document malicious cyber actors' Tactics, Techniques, and Procedures (TTPs), aligning recommendations with vulnerabilities and their applicability to the operational environment.
- Investigate and analyze system compromises, providing written analytic summaries and visualizations of attack life cycles.
- Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
- Collect and analyze metrics and trending data, offering situational awareness on key trends.
- Guide the use of OSINT techniques in investigatory requirements.
- Perform quality assurance on SIGACTs, ensuring compliance with policies and capturing all necessary information before closure.
Required Qualifications:
- Active DoD TS/SCI Clearance and eligibility for polygraph.
- DoDD 8570 IAT Level II Certification (SEC+, CySA, GICSD, etc.).
- Bachelor’s degree in a related discipline and 8-12 years of relevant experience; additional experience may be accepted in lieu of a degree.
- Experience working with members of the Intelligence Community and understanding of Intelligence processes.
- In-depth knowledge of network and application protocols, cyber vulnerabilities, exploitation techniques, and cyber threat/adversary methodologies.
- Proficiency with analysis tools and protocols (e.g. Splunk, CMRS, VDP, passive DNS, Virus Total, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Arcsight, etc.).
- Experience with Intelligence Community repositories (Pulse, TESTFLIGHT, etc.).
- Experience with various open-source and commercial vendor portals, services, and platforms related to threat identification or combat.
Preferred Qualifications:
- Experience with the DODIN and other DoD Networks.
- Familiarity with DoD portals and tools (RAMs, IKE, JCC2, etc.).
- Experience with proprietary OS Intelligence Sources (Mandiant, Recorded Future, Shodan, etc.).
- Proficient in building extended cybersecurity analytics (Trends, Dashboards, etc.).
- Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
- Experience in intelligence-driven defense and/or Cyber Kill Chain methodology.
- IAT Level III or IAM Level II+III Certifications.
Salary Range: $120,000 - $160,000 per annum
Keywords: TDNA, DNEA, Digital Network Exploitation Analyst, Target Digital Network Analyst, Cyber security, cybersecurity, intelligence, allsource, humint, sigint, osint, cyber intelligence analyst, cyber intel analyst, open source intelligence, TCP/IP, malware, IDS, IPS, proxy, router, switch, IOC, indicators of compromise, APT, advanced persistent threats, Netflow, PCAP, wireshark, splunk, chopshop, dshell, network miner, moloch, Berkeley packet filter, BPF, analyst notebook, netviz, Palantir, kill chain analysis, CISSP, CEH, Security+, SANS, Network+, CCNA, COTS, GOTS, encryption, Python, law enforcement, novetta cyber analytics, mitre chopshop, arl dshell, benefits, vacation, holiday, 401K
#LI-HW1