Cyber Fusion Analyst (TS/SCI Required)

Position : Cyber Fusion Watch Officer (DNEA or TDNA)

Location : Fort Meade, MD

Shifts :

• Team 1 : 0500 1500 / Monday Thursday (Not usually available)
• Team 2 : 1300 2300 / Monday Thursday
• Team 3 : 2100 0700 / Monday Thursday
• Team 4 : 0420 1730 / Friday Sunday
• Team 5 : 1620 0530 / Friday Sunday

Overview :

We are seeking a qualified individual to fulfill the role of Cyber Fusion Watch Officer at our Fort Meade, MD location. The position involves providing support to the Joint Force Headquarters-DoD Information Network (JFHQ-DODIN), contributing to network operations, and defensive cyber operations for the United States Cyber Command in alignment with DoD objectives.

Key Responsibilities :

• Utilize diverse network monitoring tools to detect and analyze cyber adversary activities, employing methods such as netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data.
• Contribute to the development of Cyber Fusion standard operating procedures (SOPs) and framework based on industry best practices, Department of Defense instructions, and guidance.
• Identify and assess threats to the enterprise, recommending mitigation strategies to enhance security and minimize the attack surface.
• Conduct analysis using serialized threat reporting, intelligence sharing, OSINT, and open-source vulnerability information to develop prioritized plans.
• Analyze and document malicious cyber actors' Tactics, Techniques, and Procedures (TTPs), aligning recommendations with vulnerabilities and their applicability to the operational environment.
• Investigate and analyze system compromises, providing written analytic summaries and visualizations of attack life cycles.
• Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
• Collect and analyze metrics and trending data, offering situational awareness on key trends.
• Guide the use of OSINT techniques in investigatory requirements.
• Perform quality assurance on SIGACTs, ensuring compliance with policies and capturing all necessary information before closure.

Required Qualifications :

• Active DoD TS / SCI Clearance and eligibility for polygraph.
• DoDD 8570 IAT Level II Certification (SEC+, CySA, GICSD, etc.).
• Bachelor’s degree in a related discipline and 8-12 years of relevant experience; additional experience may be accepted in lieu of a degree.
• Experience working with members of the Intelligence Community and understanding of Intelligence processes.
• In-depth knowledge of network and application protocols, cyber vulnerabilities, exploitation techniques, and cyber threat / adversary methodologies.
• Proficiency with analysis tools and protocols (e.g. Splunk, CMRS, VDP, passive DNS, Virus Total, TCP / IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Arcsight, etc.).
• Experience with Intelligence Community repositories (Pulse, TESTFLIGHT, etc.).
• Experience with various open-source and commercial vendor portals, services, and platforms related to threat identification or combat.

Preferred Qualifications :

• Experience with the DODIN and other DoD Networks.
• Familiarity with DoD portals and tools (RAMs, IKE, JCC2, etc.).
• Experience with proprietary OS Intelligence Sources (Mandiant, Recorded Future, Shodan, etc.).
• Proficient in building extended cybersecurity analytics (Trends, Dashboards, etc.).
• Demonstrated experience briefing Senior Executive Service (SES) and General Officer / Flag Officer (GO / FO) leadership.
• Experience in intelligence-driven defense and / or Cyber Kill Chain methodology.
• IAT Level III or IAM Level II+III Certifications.

Salary Range : $120,000 - $160,000 per annum

Keywords : TDNA, DNEA, Digital Network Exploitation Analyst, Target Digital Network Analyst, Cyber security, cybersecurity, intelligence, allsource, humint, sigint, osint, cyber intelligence analyst, cyber intel analyst, open source intelligence, TCP / IP, malware, IDS, IPS, proxy, router, switch, IOC, indicators of compromise, APT, advanced persistent threats, Netflow, PCAP, wireshark, splunk, chopshop, dshell, network miner, moloch, Berkeley packet filter, BPF, analyst notebook, netviz, Palantir, kill chain analysis, CISSP, CEH, Security+, SANS, Network+, CCNA, COTS, GOTS, encryption, Python, law enforcement, novetta cyber analytics, mitre chopshop, arl dshell, benefits, vacation, holiday, 401K

LI-HW1