Cyber Threat and Operations Analyst
Washington, District of Columbia, United States
OVERVIEW: phia, LLC is seeking a highly skilled Cyber Threat Analyst to join our team of qualified, diverse individuals supporting the U.S. Department of Energy (DOE). DOE is responsible for the protection of vital national security information and technologies, representing intellectual property of incalculable value throughout nearly thirty sites and laboratories nationwide.
Are you interested in joining an amazing technical team providing cyber operations support to a variety of complex organizations?
This position is located in Washington, D.C. and requires an active DOE Q clearance with current SCI access.
Current Pandemic rotating schedule one week onsite; two weeks offsite.
RESPONSIBILITIES:
- Advise on the uses of forensics, network vulnerability, and malware analysis to conduct both technical analysis of cyber threats and events as well as all-source analysis of cyber threats, their vectors, and capabilities.
- Work with a variety of cyber defense and IT tools such as: Splunk, Elasticsearch, MISP, FireEye, Cisco Sourcefire, Palo Alto firewalls, Tanium, Snort, Bro (now Zeek), SolarWinds, Apache NiFi, and RedSeal.
- Review and triage open-source, commercial, and classified threat intelligence and Indicators of Compromise (IOCs).
- Perform internal/external collaboration on threat and mission related requirements.
- Identify and baseline current and emerging threat actor TTPs.
- Provide support for attribution analysis of cyber organizations, programs, capabilities, motivations and intent to conduct cyberspace operations.
- Apply a broad understanding of tactical to strategic level intelligence analysis of cyber threats, vectors, and actors in support of cyber defense and computer network operations.
- Identify newly released vulnerabilities, exploits, malware.
- Coordinate response actions/recommendations with security operations and information assurance teams.
- Advise the DOE-IN leadership on key developments.
- Provide integrated cyber threat intelligence analysis support in the security operations center.
- Use both open-source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious cyber activity and provide situational awareness of local, regional, and international cyber threats.
REQUIRED QUALIFICATIONS:
- Active Top Secret or Q clearance with an investigation within the last 5 years (sponsorship opportunities available for highly qualified candidates).
- BA/BS in Computer Science, Information Security, or a related field or equivalent experience (two years of experience for each year of schooling).
- 4-12 years of experience working in the areas of cyber, intelligence, information security, hunt, cyber operations, network forensics, insider threat, etc.
- Excellent knowledge of a wide variety of security solutions and technologies, including: Linux; network architecture, implementation, and configuration; firewall and proxy technologies; anti-virus, spam, and spyware solutions (gateway and SaaS); and malware analysis.
- Demonstrated expert-level knowledge of how to enable indicator detection at every phase of the kill chain.
- Proven experience correlating and analyzing data across multiple intelligence source feeds, a Threat Intelligence Platform (TIP) (e.g. Analyst Platform, Anomali, ThreatConnect, etc.), and Splunk/Elastic to identify trends and patterns.
- Knowledge and understanding of the MITRE ATT&CK framework with associated tactics, techniques and tools for attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
- Experience researching events in multiple network and host-based security applications.
- Analytical skills to make efficient and sound decisions.
- Familiarity with common network vulnerability/penetration testing methodologies and tools.
- Experience analyzing commercial and open source intelligence feeds, adding context, and sharing key findings through executive briefings.
- Preferred background with knowledge in incident response with experience in threat analysis.
- Effective oral and written communication skills to interact with constituents and other teams.
- Must be highly motivated with the ability to self-start, prioritize assignments, and work in a collaborative team environment.
PREFERRED QUALIFICATIONS:
- 10+ years of related technical experience working in cyber operations, threat intelligence, or analysis.
- CERTIFICATIONS: one or more preferred – GCIH, GCFE, RHCE, CPTE, or CEH
- MA/MS in Computer Science, Information Security, or a related field or equivalent experience.
- Experience coding in Python, PowerShell, etc.
WORK SCHEDULE: Core Hours (8am-5pm; start/end time flexible)
WORK LOCATION: Washington, D.C.
TRAVEL: < 5%
TELEWORK ELIGIBILITY: Pandemic rotating schedule one week onsite; two weeks offsite; normal operations ad-hoc with approval
SECURITY REQUIREMENTS: DOE Q Clearance / DoD Top Secret; Current SCI required. Must have had a valid investigation within last 5 years
phia LLC ("phia") is a Northern Virginia based, 8(a)-certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration, which allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.
phia offers excellent benefits for full-time W2 candidates to enhance work-life balance, including the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Parking Reimbursement
- Monthly Payroll