Advanced Cyber Threat Analyst

H2L Solutions

Huntsville, AL
Full Time
Paid
Responsibilities

    Advanced Cyber Threat Analyst (ACTA) - The Advanced Cyber Threat Analyst shall have the knowledge and abilities outlined in the core functions listed below. Although no single category requires a minimum of 5 years' experience, the Advanced Cyber Threat Analyst shall have a total of at least 5+ years of related experience and the ability to advise Government personnel on streamlined processes and techniques for conducting the items listed under the core functions.

    Required Active Clearance: TS clearance with SCI eligibility

    Experience:

    • Experience analyzing cyber intrusion activities
    • Experience participating in tactical and strategic collaboration, teaming, and coordination opportunities
    • Ability to provide subject matter information and context in briefings, discussions with subject matter experts
    • Experience in research, review, and analysis of intelligence information
    • Experience in providing tactical analysis
    • Experience conducting all source research, link analysis
    • Experience with analysis of network logs, security logs, web logs, O365 logs, and NetFlow data
    • Ability to identify and report new issues, trends, patterns, intelligence gaps, and anomalies
    • Experience in the exploitation of intelligence information derived from cases/operations
    • Experience preparing full scope intelligence products such as intelligence notes, briefings, and other consumer-driven investigative/intelligence reports
    • Experience applying analytical expertise to formulate conclusions or recommendations
    • Experience in compiling and disseminating targeting packages
    • Ability to brief analytical findings to a variety of audiences

    OVERALL DUTIES AND RESPONSIBILITIES of the TEAM

    • Draft analytical products based upon cyber analysis performed, and actively participate in the review and quality control process for such reporting efforts
    • Conduct all source research of community reporting to stay abreast of current trends and maintain subject matter expertise. This research will require the utilization of Joint Worldwide Intelligence Communications System (JWICS) and Sensitive Compartmented Information Operational Network (SCION)
    • Utilize both JWICS and SCION for communication with other FBI Offices and our Department of Defense partners
    • Conduct research, binary analysis, and reverse engineering of suspicious and malicious software to determine functionality, complexity, and impact of its implementation on victim/compromised systems of interest
    • Using open source and provided tools, link and correlate digital information, such as, threat data (victim/source internet protocol (IP) addresses, uniform resource locators (URL), malicious software), actor contacts or personal data, system logs, obtained from single or multiple sources and develop attribution
    • Provide analysis of network log data to identify anomalous behavior
    • Conduct threat hunting and analyze cyber intrusion activities and make appropriate recommendations to collect, monitor, counteract, or mitigate the threat
    • Analyze leading-edge technologies and make recommendations on analytical tools and procedures for TACU to address cyber threats and vulnerabilities targeting U.S. national interests
    • Support TACU mission priorities and functions through participation in tactical and strategic collaboration, teaming, and coordination opportunities internally across lines of business and externally across the intelligence community. The Contractor will use both JWICS and SCION when partnering with the intelligence community.
    • Provide TACU mission partners with investigative and operational leads to enable attribution, link analysis, and other target-relevant and enhancing information. Both JWICS and SCION will be utilized when providing said information
    • Provide cyber threat hunting or data analytics using Splunk
    • Provide subject matter information and context (e.g., unique information not readily available in indices or through data analytics) to assigned squads and/or programs
    • Research, review, and analyze intelligence information to provide tactical analysis to mitigate threats and drive operations. This research will require the utilization of JWICS and SCION.
    • Identify and report new issues, trends, patterns, intelligence gaps, and anomalies within and across operational programs and investigative cases
    • Exploit intelligence information derived from cases/operations and add value by integrating additional reliable and relevant information from other internal or external sources
    • Prepare full scope intelligence products such as intelligence notes, briefings, and other consumer-driven investigative/intelligence reports
    • Apply analytical expertise to formulate conclusions or recommend further action to advance investigations in furtherance of the field office collection strategy; identify and develop indicators for domain awareness from cases
    • Review information collected by assigned agent/collectors, identify intelligence for potential Intelligence Community and/or LE dissemination, and as required/appropriate prepare Intelligence Information Report and/or other intelligence products on reportable intelligence
    • Compare and contrast new FBI or other reporting with previously reported intelligence, seek corroborative data, and assess individual pieces of information in broader case/operation/program context for domain awareness and source validation
    • Where appropriate, identify new targets (subjects and sources) and relationships; and disseminate to squads
    • Compile and disseminate targeting packages
    • Document and explain connections between subjects and persons of interest to the Intelligence Community or LE in Targeting Packages and Analytic Electronic Communications (ECs)
    • Provide briefings to a variety of audiences, including executives, when needed

    BENEFITS INFORMATION:

    • 401K matching up to 3%
    • Medical/dental/vision insurance (50%) for employee and family
    • Short term disability
    • Life and accidental death and dismemberment insurance
    • 3 weeks (120 hours) PTO annually
    • 10 paid holidays
    • Work/life balance
    • Travel opportunities
    • Training and certifications