Position : Cyber Fusion Watch Officer (DNEA or TDNA)
Location : Fort Meade, MD
Shifts :
- Team 1 : 0500-1500 / Monday-Thursday (not usually available)
- Team 2 : 1300-2300 / Monday-Thursday
- Team 3 : 2100-0700 / Monday-Thursday
- Team 4 : 0420-1730 / Friday-Sunday
- Team 5 : 1620-0530 / Friday-Sunday
Overview :
We are seeking a qualified individual to fill the role of Cyber Fusion Watch Officer at our Fort Meade, MD location. The position supports the Joint Force Headquarters-DoD Information Network (JFHQ-DODIN), contributing to network operations and defensive cyber operations for United States Cyber Command in alignment with DoD objectives.
Key Responsibilities :
- Use a range of network monitoring tools to detect and analyze cyber adversary activity, drawing on data sources such as netflow, custom application-protocol logging, signature-based IDS alerts, and full packet capture (PCAP).
- Contribute to the development of Cyber Fusion standard operating procedures (SOPs) and an operating framework based on industry best practices and Department of Defense instructions and guidance.
- Identify and assess threats to the enterprise, recommending mitigation strategies to enhance security and minimize the attack surface.
- Conduct analysis using serialized threat reporting, intelligence sharing, OSINT, and open-source vulnerability information to develop prioritized defensive plans.
- Analyze and document malicious cyber actors' Tactics, Techniques, and Procedures (TTPs), mapping recommendations to the vulnerabilities they exploit and assessing their applicability to the operational environment.
- Investigate and analyze system compromises, providing written analytic summaries and visualizations of attack life cycles.
- Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
- Collect and analyze metrics and trending data, offering situational awareness on key trends.
- Guide the use of OSINT techniques in investigatory requirements.
- Perform quality assurance on significant activity reports (SIGACTs), ensuring compliance with policy and that all required information is captured before closure.
Required Qualifications :
- Active DoD TS/SCI clearance and eligibility for polygraph.
- DoDD 8570 IAT Level II certification (Security+, CySA+, GICSD, etc.).
- Bachelor’s degree in a related discipline and 8-12 years of relevant experience; additional experience may be accepted in lieu of a degree.
- Experience working with members of the Intelligence Community and understanding of Intelligence processes.
- In-depth knowledge of network and application protocols, cyber vulnerabilities, exploitation techniques, and cyber threat/adversary methodologies.
- Proficiency with analysis tools, data sources, and protocols (e.g. Splunk, ArcSight, Wireshark, CMRS, VDP, passive DNS, VirusTotal, WHOIS, TCP/IP and the OSI model, enumeration, threat indicators, malware analysis results, etc.).
- Experience with Intelligence Community repositories (Pulse, TESTFLIGHT, etc.).
- Experience with open-source and commercial vendor portals, services, and platforms used for identifying or countering threats.
Preferred Qualifications :
- Experience with the DODIN and other DoD Networks.
- Familiarity with DoD portals and tools (RAMs, IKE, JCC2, etc.).
- Experience with proprietary and open-source threat intelligence platforms (Mandiant, Recorded Future, Shodan, etc.).
- Proficiency in building cybersecurity analytics (trend reports, dashboards, etc.).
- Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
- Experience in intelligence-driven defense and/or Cyber Kill Chain methodology.
- IAT Level III or IAM Level II+III Certifications.
Salary Range : $120,000 - $160,000 per annum
Keywords : TDNA, DNEA, Digital Network Exploitation Analyst, Target Digital Network Analyst, Cyber security, cybersecurity, intelligence, allsource, humint, sigint, osint, cyber intelligence analyst, cyber intel analyst, open source intelligence, TCP/IP, malware, IDS, IPS, proxy, router, switch, IOC, indicators of compromise, APT, advanced persistent threats, Netflow, PCAP, Wireshark, Splunk, ChopShop, Dshell, NetworkMiner, Moloch, Berkeley packet filter, BPF, Analyst's Notebook, netviz, Palantir, kill chain analysis, CISSP, CEH, Security+, SANS, Network+, CCNA, COTS, GOTS, encryption, Python, law enforcement, Novetta cyber analytics, MITRE ChopShop, ARL Dshell, benefits, vacation, holiday, 401K