With over 50 years of combined legacy experience, everyday makes a difference in how the government serves our country and our citizens. We are a body of 19,000+ smart and talented individuals inspired by the important missions of our customers, and we believe that by working together we can deliver exceptional solutions and services to enable the safety, security, health and well-being of our nation! Together, we are committed to a stronger and better future for America through next-generation thinking made real today. Think Next. Now. Tomorrow’s promises, delivered today.
The Cyber Threat and Intelligence Analyst is an expert in hacker/hacktivist group capabilities and intentions, and nation-state sponsored CNE (computer network exploitation) and CNA (computer network attack) targeting the US Critical Infrastructure.
This position supports a Civilian Agency Cyber Security Operations Center (SOC) organization protecting the network security of tens of thousands of users. The work site is located in Leesburg, Virginia.This position requires the ability to identify potential threats based on agency utilized hardware and software.The Focused Operations analyst shall be knowledgeable of current and evolving hacking tools and methodologies available to disrupt these systems.The Focused Operations analyst responsibilities include:o Contribute to daily operational update meetings for SOC staff and unscheduled situational update briefings for FAA leaders as necessary.
Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs). Reference applicable departmental and operating administration policies in work products. Recommend sound remediation and recovery strategies, suggest defensive policy enhancements and information technology procedures. Access, secure and inspect classified information processing areas. Assist DOT and FAA law enforcement and counter intelligence offices with cyber investigations Provide forensic and network analysis, primarily Encase Enterprise and RSA Security Analytics/Netwitness.
Threat detection and trend analysis. Understand and convey of the lifecycle of the network threats, attack vectors, and network vulnerability exploitation. Maintain awareness of directives, orders, alerts, and messages. Provide content for FAA, and DOT shared situational awareness mechanisms i.e., websites, blogs, and Wikipedia style mechanisms. Maintain relationships with Intelligence Agencies, Law Enforcement (LE), and US Government organizations.
Maintain situational awareness of cyber activity in the Information Technology (IT) by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.o
Develop indicators of compromise and context for content creation, utilizing FireEye, ArcSight, and Splunk. Search for anomalous activity and investigate to provide identification; produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk Use customer, community, and open source reporting.Qualities/Additional info:Shift is Monday-Friday, 10A-6P.Focused Operations analysts should be a proven team player with excellent oral and written communications skills, and a fine attention to detail. Focused Operations analysts should also be self-starters, capable of working on projects independently, if required. Extremely effective oral and written communications skills are a must, in order to present strategy, scripting output and status information to the client in both formal and informal review settings. Frequent interaction with government client is required. Occasional local travel. Infrequent (
Job Qualifications: Required Education and Experience:Education:- Bachelor's degree in Computer Science or Information systems.OR- Minimum ten (10) years of relevant professional experience.Experience:- In addition to required education or equivalent experience.AND- Minimum four (4) years experience with cyber intelligence analysis experience.Preferred Experience:- Experience with information security devices (e. g., firewalls, and intrusion detection/prevention systems) and applications (e.g. security information management tools such as Splunk, Netwitness, ArcSight).- Technical expertise in the capabilities and techniques of hacker/hacktivist groups, criminal syndicates, and advanced persistent threats conducting computer network exploitation and attacks against the U.S. government resources and critical infrastructure.- Familiar with signatures, tactics, techniques and procedures associated with preparation for and execution/implementation of such attacks especially Sourcefire/Snort/Firepower.- Experience with intelligence briefings.- Experience with threat analysis.- Experience with intelligence products.- Experience with early indications and warnings.- Experience with Open Source intelligence techniques.- Experience working in a network security incident response team, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).Level of Clearance Required: Department of Defense SecretUS Citizenship required
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.