FUTURE NEED - Not a current vacancy. If you apply, this could be a multi-year process.Location:Linthicum, MDDescription:Please note this is not a cybersecurity or systems engineer position.The selected candidate will serve as a cyberintelligenceanalyst andmust have relevant experienceas such (see below for requirements). The selected candidate will serve as a cyber intelligence analyst. The analyst provides the customer with expertise in Intelligence sources, collection methods and analytic techniques. The analyst collaborates among internal partners to identify malicious activity and provide analytic support to the investigation and operation groups. The analyst performs analysis on existing and emerging APT organizations, actors, and malware.Ideal candidate has experience with cyber intelligence analysis or law enforcement/counterintelligence analysis, and has applied their mastery of cyber threat intelligence, intelligence analysis techniques, sources and methods to produce high quality analysis products.Requirements:
Must be a US Citizen with a SECRET security clearance (no exceptions)
Must hold a BA/BS degreein Information Technology or Information Security, Computer Science, Intelligence Studies, Cyber Security or another related field of study or equivalent 3+ years performing technical cyber threat intelligence analysis.
Must have minimum 1 year of related Cyber Intel experience
outside of a classroom setting (no exceptions)
Must have strong technical skills proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense ops (proxy, firewall, IDS/IPS, router/switch) and open source information collection.
Must have knowledge of Cyber Threat Intelligence principles to include indicators of compromise types, indicator pivoting and indicator attribution strength.
Must have an understanding of IC and how those cyber organizations work together for purposes of conducting cyber threat analysis.
Must have strong technical report writing skills.
Must have the ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity. Candidate must be able to make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis. Candidate must be able to identify analytic bias.
Must have recent experience or familiarity with open source cyber intelligence research tools including, but not limited to, VirusTotal, PassiveTotal, Domain Tools, AlienVault Open Threat Exchange, Threat Connect, URLScan.io, and MXToolbox.
Must have the ability to build intrusion related data visualizations and perform analysis (i.e., using I2 Analyst Notebook, Netviz, Palantir, etc)
Ability to present technical information and analysis to professionals and peers on a regular basis.
Must have the ability to proactively engage and develop relationships with intrusion set subject matter experts.
Desired Skills:Mandarin or Russian language skillsFormal training as an intelligence analyst in any disciplineGraduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etcExperience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment modeling, or Diamond modeling of cyber threat activityRecent experience performing NETFLOW and PCAP analysis using common analysis tools (examples include Wireshark, Splunk, ChopShop, Dshell, Network Miner, Moloch, etc).Should be proficient at sessionizing PCAP data, identifying and decoding protocols, extracting files, and appl ing standard filters such as Berkley Packet Filter (BPF).Certifications (any): CISSP, CEH, Security+, SANS certification(s), Network+, CCNAAdvanced NETFLOW and PCAP AnalysisAdvanced Data Visualization proficiency leveraging COTS/GOTS toolsTechnical Skills proficiency: Python language, encryption technologies/standardsIntermediate malware analysis or digital computer forensics experience[]{styl=""}