The Threat Integration Lead's overall goal is to maintain awareness of, curate, and triage current threats that the CIRT should proactively monitor for and respond to. Information would be gathered from open and classified sources and via liaison with internal threat intel teams.
Determine the best way for the CIRT to put the information to use. The candidate MUST have an excellent understanding of how a CIRT/SOC functions and the standard technologies it leverages.
The candidate should have an understanding of what should be done with any indicators or other information they discover:
Should an IDS signature be made?
What technology do we have, or should we use, to detect the threat?
Is it sufficient to make CIRT analysts aware of the information or TTP? If so, which teams need to know, and how can they use it?
Familiarity with threat management tools such as MISP, HIVE, CORTEX
Continuously evangelize and promote internally how and why threat information is, and should be, essential in driving CIRT actions
Excellent verbal and written communication, reporting, and presentation skills are a must.
Create situation reports as required.
Maintain and regularly update an MS Teams channel dedicated to CIRT/Department of State-related threat intelligence.
Assist with developing training opportunities for junior analysts: identify and create training requirements/opportunities for Tier 1 and 2 members.
Support and mentor analysts on new techniques and information sources.
Support ongoing incidents from non-CIRT organizations related to computer security when requested
Although the position does not have any direct reports, the Threat Lead will be part of the CIRT upper management team. As such, the candidate should have a good understanding of how a CIRT functions and the technologies involved, so that they can be leaned on to help move the CIRT forward.
Bachelor's or equivalent education and at least 5 years of related work experience
SANS GCIH and/or GCIA
Certified Ethical Hacker
Basic knowledge of Java, C, and/or C++
COVID-19 Vaccination Requirement: To protect the health and safety of its employees and to comply with customer requirements, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.