Clearance - Secret
The Focused Operations analyst is an expert in hacker/hacktivist group capabilities and intentions, and nation-state sponsored CNE (computer network exploitation) and CNA (computer network attack) targeting the US Critical Infrastructure. This position supports a Civilian Agency Cyber Security Operations Center (SOC) organization protecting the network security of tens of thousands of users. The work site is located in Leesburg, Virginia.
This position requires the ability to identify potential threats based on agency utilized hardware and software. The Focused Operations analyst shall be knowledgeable of current and evolving hacking tools and methodologies available to disrupt these systems.
The Focused Operations analyst responsibilities include:
• Contribute to daily operational update meetings for SOC staff and unscheduled situational update briefings for FAA leaders as necessary.
• Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
• Reference applicable departmental and operating administration policies in work products.
• Recommend sound remediation and recovery strategies, suggest defensive policy enhancements and information technology procedures.
• Access, secure and inspect classified information processing areas.
• Assist DOT and FAA law enforcement and counter intelligence offices with cyber investigations
• Provide forensic and network analysis.
• Threat detection and trend analysis.
• Understand and convey of the lifecycle of the network threats, attack vectors, and network vulnerability exploitation
• Maintain awareness of directives, orders, alerts, and messages.
• Provide content for FAA, and DOT shared situational awareness mechanisms i.e., websites, blogs, and Wikipedia style mechanisms.
• Maintain relationships with Intelligence Agencies, Law Enforcement (LE), and US Government organizations.
• Maintain situational awareness of cyber activity in the Information Technology (IT) by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.
• Develop indicators of compromise and context for content creation.
• Search for anomalous activity and investigate to provide identification; produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk
• Use customer, community, and open source reporting.
• Any other duties as requested by the Contracting Officer Representative and SOC management.
Qualities/Additional info: Under low/guarded risk level, required shifts for Focused Operations are
(0800-1700, EST\EDT), Monday-Friday. Under the elevated or high risk levels, the required shifts are (0600-1400 EST\EDT) and (1000-1800 EST\EDT), Monday-Friday. Under the severe risk level, the Contractor must have the capability to augment staffing levels to support additional required shifts of (0800-1700, EST\EDT), Saturday and Sunday. Under all risk levels, the backfill of absent Focused Operations analysts are required for all periods of scheduled and unscheduled leave. Focused Operations analysts should be a proven team player with excellent oral and written communications skills, and a fine attention to detail. Focused Operations analysts should also be self-starters, capable of
working on projects independently, if required. Extremely effective oral and written communications skills are a must, in order to present strategy, scripting output and status information to the client in both formal and informal review settings. Frequent interaction with government client is required. Occasional local travel. Infrequent (<5%) local travel, infrequent (<5%) long distance travel.
Required Education and Experience:
- Bachelor's degree in Computer Science or Information systems.
- Minimum ten (10) years of relevant professional experience.
- In addition to required education or equivalent experience.
- Minimum four (4) years experience with cyber intelligence analysis experience.
- Experience with information security devices (e. g., firewalls, and intrusion detection/prevention systems) and applications (e.g. security information management tools (e.g., NetForensics, ArcSight).
- Technical expertise in the capabilities and techniques of hacker/hacktivist groups, criminal syndicates, and advanced persistent threats conducting computer network exploitation and attacks against the U.S. government resources and critical infrastructure.
- Familiar with signatures, tactics, techniques and procedures associated with preparation for and execution/implementation of such attacks.
- Experience with intelligence briefings.
- Experience with threat analysis.
- Experience with intelligence products.
- Experience with early indications and warnings.
- Experience with Open Source intelligence techniques.
- Experience working in a network security incident response team, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).
Level of Clearance Required: Department of Defense Top Secret/Sensitive Compartmental Information (TS/SCI)
US Citizenship Required: Yes
Please submit your resume in Microsoft word format to: