Cyber Threat Intelligence Analyst
Washington, District of Columbia, United States
OVERVIEW: Are you looking for a new, ambitious work environment to test and enhance your skills? phia, LLC is seeking a highly skilled Cyber Threat Intelligence Analyst to join our team of qualified, diverse individuals supporting the U.S. Department of Energy (DOE). DOE is responsible for the protection of vital national security information and technologies, representing intellectual property of incalculable value throughout nearly thirty sites and laboratories nationwide. This position is located in Washington, D.C. and requires an active DOE Q SCI. The current pandemic rotating schedule is one week onsite, two weeks offsite.
- Identify, investigate and analyze cyber events of intelligence significance.
- Provide situational awareness of local, regional, and international cyber threats impacting relevant client missions and interests.
- Produce all-source cyber intelligence analysis using various industry and government tools, available classified and unclassified data sets, and accepted methodologies for assessing network traffic.
- Provide tactical to strategic level analysis, including attribution of cyber actors; may use traditional or defined intel analysis techniques to do so.
- Collect data, analyze results, and prepare intelligence products relating to cyber mission objectives.
- Generate oral briefings, raw intelligence reports and finished intelligence products utilizing accepted Intelligence Community tradecraft and methodologies.
- Collect, analyze and report on cyber threats and threat actors to support cyber operations.
- Support cyber operations designed to pursue anomalies or cyber threats on Information Technology or Information Control System networks.
- Understand and analyze all sources of information (e.g., INTs, open source, law enforcement and other government data) on a specific topic or target.
- BA/BS in Intelligence, Computer Science, Information Security, or a related field or equivalent experience (two years of experience for each year of schooling).
- 4-12+ years of experience working in the areas of intelligence, cyber information security, hunt, cyber operations, network forensics, insider threat, etc.
- Possess analytical skills to make efficient and acceptable decisions.
- Experience analyzing classified/closed-source, commercial and open-source intelligence feeds, adding context, and sharing key findings through executive briefings.
- Effective oral and written communication skills to interact with stakeholders and other teams.
- Experience interpreting and producing intelligence reports.
- All-source analysis experience, including cyber intelligence analysis.
- Must be highly motivated with the ability to self-start, prioritize assignments, and work in a collaborative team environment.
- Active Top Secret or Q clearance with an investigation within the last 5 years (sponsorship opportunities available for highly qualified candidates).
- MA/MS in computer science, information security, or a related field or equivalent experience.
- 10+ years of related technical experience working in cyber operations, threat intelligence or analysis.
- Knowledge in incident response with experience in threat analysis.
- Knowledge and understanding of the MITRE ATT&CK framework with associated tactics, techniques and tools for attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
- Experience researching events in multiple network and host-based security applications.
- Proven experience correlating and analyzing data across multiple intelligence source feeds, a Threat Intelligence Platform (TIP) (e.g. Analyst Platform, Anomali, ThreatConnect, etc.), and Splunk/Elastic to identify trends and patterns.
- Ability to demonstrate knowledge of how to enable indicator detection at every point along the kill chain.
- CERTIFICATIONS: one or more preferred – GCIH, GCFE, RHCE, CPTE, or CEH.
- Experience with coding in Python, PowerShell, etc.
WORK SCHEDULE: Core Hours (8am-5pm; start/end time flexible)
WORK LOCATION: Washington, D.C.
TRAVEL: < 5%
TELEWORK ELIGIBILITY: Pandemic rotating schedule: one week onsite, two weeks offsite. Normal operations: ad hoc with approval.
SECURITY REQUIREMENTS: DOE Q Clearance / DoD Top Secret; Current SCI required. Must have had a valid investigation within the last 5 years.
phia LLC ("phia") is a Northern Virginia-based, 8(a)-certified small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits for full-time W2 candidates to enhance work-life balance. These include the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Parking Reimbursement
- Monthly Payroll