Threat Operations Analyst

Qualifications required: Access to a SCIF Combined 7+ years’ experience in any number of cybersecurity fields (preferably network, host, and intelligence analysis) Strong network-based analysis and analytic discovery skills (e.g., knowledgeable about common network/security protocols [HTTP, SSL, SSH, DNS/secure DNS, etc.], including ability to identify normal vs. abnormal behavior) Familiarity with host-based anomaly detection (e.g., have basic understanding of what normal process trees look like, vs. malware injection into a process, etc.) Experience connecting open-source information with network and/or host-based anomalies (e.g., identifying cyber threat intelligence about suspicious processes, finding new insights through tools such as VirusTotal, understanding of how to find threat intelligence about malformed HTTP traffic, etc.) Hands-on experience with open-source cyber threat/related tools (e.g., VirusTotal, Maltego, Shodan, exploit-db, etc.) Familiarity working with public/purchased Cyber Threat Intel (CTI) feeds/data (e.g., Crowdstrike reporting, GreyNoise, RecordedFuture, Palo Alto Xpanse, or others) Excellent time-management skills with the ability to work in a collaborative team on a common project/event, as well as on your own. Excellent mission documentation skills; familiarity with ServiceNow, Confluence, and JIRA is a plus. Comfort to autonomously engage with others across the Agency/organization to obtain relevant information in support of unique mission needs. Familiarity with Red Teaming / Cyber exploitation concepts (e.g., killchain, MITRE ATT&CK, common hacker tools such as Metasploit/Meterpreter, Kali linux, etc.) Ability to code/script simple programs and functions in Python, bash, powershell, etc., to enable analytic triage and automation. Familiarity with Amazon AWS/S3, Jupyter Notebooks, and experience using specific CTI APIs is a plus; fusing multiple mission-relevant data streams is a highly desired. Broad familiarity with the tactics, techniques, procedures (TTPs) of nation-state and/or ransomware actors is desired; specialization in key nation-state intel a plus. Excellent technical reasoning skills / considers analysis of competing hypothesis (ACH) / values quality over quantity / proactive & self-starting approach to work. Please read the following important information to ensure we have everything we need to consider your application: It is your responsibility to ensure that you submit appropriate documentation prior to the closing date. Your resume serves as the basis for qualification determinations and must highlight your most relevant and significant experience as it relates to this Joint Duty assignment opportunity announcement. Be clear and specific when describing your work history since human resources cannot make assumptions regarding your experience. Your application will be rated based on your resume. Please ensure EACH work history includes ALL of the following information: Job Title (Include series and grade of Federal Job) Duties (Be specific in describing your duties) Name of Federal agency Supervisor name, email, and phone number Start and end dates including month and year (e.g. June 2007 to April 2008)
1-year non-reimbursable assignment CISA Threat Operations Analyst Series Requested: 0132 Security Clearance: TS/SCI Virtual/Remote: No Only current, full-time federal employees are eligible. Resumes are reviewed every 30 days until selection/closing date. This is a Detail, not a Developmental Rotation. Supervisory approval form must be signed.