Cyber Threat Intelligence Analyst
Morrisville, North Carolina, United States
OVERVIEW: phia, LLC is seeking a highly skilled Senior Threat & Cyber Operations Analyst to join our team of qualified, diverse individuals.
- Provide expertise for developing and implementing the Corporate Information Security Office’s cyber threat intelligence capability, federated across multiple operational units.
- Conducts research and evaluate technical and all-source cyber intelligence to develop in-depth analysis and assessment on threats to critical networks and critical infrastructure.
- Will work closely with other technical, forensic and incident management personnel to develop an understanding of the intent, objectives and activity of cyber threat actors.
- Analyze network events to determine the impact on current operations and conduct all-source research to determine adversary capability and intent.
- Analyze commercial and open source intelligence feeds, adding context, and sharing key findings through formal and informal executive briefings.
- Develop and update Splunk queries/dashboards.
- Write API integrations and working with a variety of security related technologies in a dynamic customer environment.
- Create and support data processing pipelines and storage systems for threat intelligence data.
- BA/BS in Computer Science, Information Security, or a related field or equivalent experience
- 3-7 years of experience working in the areas of (intelligence, information security, hunt, cyber operations, network forensics, insider threat)
- Preferred background in incident response with experience in threat analysis
- Knowledge and understanding of attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
- Experience researching events in multiple network and host-based security applications
- Proven experience with data integration experience between multiple intelligence source feeds, a Threat Intelligence Platform (TIP) (e.g. Analyst Platform, Anomali, Threat Connect, etc.), and Splunk to conduct data analysis to identify trends and patterns
- Possess analytical skills to make efficient and acceptable decisions
- Familiarity with common network vulnerability/penetration testing methodologies and tools
- Experience analyzing commercial and open source intelligence feeds, adding context, and sharing key findings through executive briefings
- Be able to demonstrate expert level knowledge on how to enable indicator detection at every point along the kill chain
- Excellent knowledge of a wide variety of security solutions and technologies, including: Linux, network architecture/implementation/configuration experience, firewall technologies, proxy technologies, anti-virus, spam and spyware solutions (gateway and SaaS), malware/security experience
- Create and support data processing pipelines and storage systems for threat intelligence data
- 2+ years of Linux/Unix software development proficiency in any of the following languages: Java, Python, C++
- Experience with relational and NoSQL databases
- Effective oral and written communication skills to interact with constituents and other teams
- Must be highly motivated with the ability to self-start, prioritize assignments, and work in a collaborative Agile team environment
- 10+ years of related technical experience working in cyber operations engineering or architecting solutions in support of operations
- CERTIFICATIONS: one or more preferred – GCIH, GCFE, RHCE, CPTE, or CEH
- MA/MS in computer science, information security, or a related field or equivalent experience
- Active Secret or higher clearance
WORK SCHEDULE: Core Hours (8am-5pm; start/end time flexible)
TRAVEL: Minimal; <5%
TELEWORK ELIGIBILITY: Ad-Hoc
SECURITY REQUIREMENTS: Ability to obtain Public Trust or higher - Active Secret or higher preferred
phia, LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits for full time W2 candidates to enhance the work-life balance, these include the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Parking Reimbursement
- Monthly Payroll