Cyber Fusion & Threat Analyst
Leidos
- Tampa, FL
- $81,250-146,875 per year
- Permanent
- Full-time
- Synthesize, summarize, consolidate and share potentially malicious activities on the DoDIN with DISA and mission partner organizations by creating incident reports, wiki updates, collaboration/chat tippers and notifications, DoD incident handling database queries, metrics, and trend reports.
- Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
- Identify threats to the enterprise and provide mitigation strategies to improve security, and reduce the attack surface.
- Perform analysis by leveraging serialized threat reporting, intelligence product sharing, OSINT, and open source vulnerability information to ensure prioritized plans are developed.
- Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to the enterprise operational environment.
- Discover adversary campaigns, anomalies and inconsistencies in sensor and system logs, SIEMs, and other data.
- Identify, investigate and rule out system compromises, with the capacity to provide written analytic summaries and attack life cycle visualizations.
- Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
- Offer recommendations to adjust enterprise or tactical countermeasures to for threats impacting the DODIN.
- Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends.
- Active DoD TS/SCI Clearance
- Bachelor’s Degree in related discipline and 4+ years of related experience. Additional experience may be accepted in lieu of degree
- Security+ Certification (or other equivalent DoD 8570 Level II certification)
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.
- Proficiency with datasets, tools and protocols that support analysis (e.g. passive DNS, Virus Total, Recorded Future, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Splunk, Arcsight etc.).
- Experience with various open-source and commercial vendor portals, services and platforms that provide insight into how to identify and/or combat threats or vulnerabilities to the enterprise.
- Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs)
- Experience with the DISN and other DOD Networks.
- Skilled in building extended cyber security analytics (Trends, Dashboards, etc.).
- Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
- Experience in intelligence driven defense and/or cyber Kill Chain methodology.
- IAT Level III and IAM Level II+III Certifications
- Experience with Splunk Query Language