GCS is seeking a Sr. Net Defense Intel Analyst to serve as the Cyber Threat/Intel Analysis focal point for all Computer Network Operations stakeholders in the ARCENT/USFOR-A (S) CJOA AOR. Engage with ARCYBER, ARCENT G2, CJTF, NSA, DIA, CID, and all other Intel agencies to continually monitor, analyze and address Cyber threats as they relate to networks/systems, DoDIN communications and operations within the USCENTCOM AOR.
The Analyst shall fuse Cyber and PMESII threat information and intelligence to provide predictive warning, threat analysis, and course of action recommendations, in support of current and long-term network defense/defensive information operations, network security engineering and collaboration with the defensive cyberspace operations community of interest. The candidate will work under the immediate supervision of a military shift leader or other contract personnel designated by the PM.
• Provide expert IA-CND assessments, advice, situational awareness and expertise to USARCENT, CJTF, 335TH, and RCC-SWA in support of operational impact assessments of events, incident handling, course of action development and related IA-CND response actions at the Tier 1 and Tier 2
• Support IA-CND planning, current operations, and security engineering activities of the IA Branch and leadership.
• Monitoring, consuming and analyzing operational, intelligence, and incident reporting
• Monitoring and querying ArcSight SIEM for anomalous activity and exporting data relevant to the Intel mission
• Conduct intelligence research, analysis and assessments through the use of intelligence and law enforcement community products, databases, websites, and commercial/open source tools, but not limited to any specific network, systems or security resource used to monitor or collect information.
• Provide rapid correlation, analysis and dissemination of information and intelligence, through the fusion of all-source Intelligence resources, and relay indications and warnings of pending, possible or actual attack/s or compromise/s to the appropriate military leadership.
• Produce intelligence reports, products and/or recommendations to support situational awareness, planning, network, systems and security configurations and infrastructure engineering, incident response actions and DOD operations.
• Provide assessments of attacks and attempts against USCENTCOM/USARCENT networks and recommend possible mitigation actions
• Fuse, correlate, and analyze information and intelligence to provide indications and warnings of pending, possible or actual attacks or compromises to the DOD GIG or network/s, network devices and/or systems within the USCENTCOM AOR.
• Disseminate information and intelligence to decision makers, the communities of defensive cyber operations, cyber-security, NETOPS, and information operations, in order to assist in planning, operations, and intelligence activities. Manage and respond to requests for information from USCENTCOM/USARCENT IA-CND sections, and NETOPS decision makers to provide actionable information/intelligence and finished intelligence products to support their planning and operations.
• Degree or equivalent experience
• Must have 6 years of professional experience.
• Must have a minimum of 2 years Cyber Intel working experience in a DOD/LE environment with the ability to translate traditional Intelligence reporting into cyber threat alerting
• Strong understanding of Intelligence Authorities, Oversight, collection plans and requirements as they apply to DoD OSINT
• Experience providing tactical and strategic real world cyber intelligence support to Command leadership using Computer Network Defense mission analysis in conjunction with All-Source Intelligence Feeds to provide actionable output.
• Possess strong written, verbal communication, and presentation skills with the ability to brief mid-level and senior audiences in person or via phone/VTC.
• Advanced Microsoft Excel and PowerPoint skills
• Familiarity with host forensics
• Strong understanding of threat hunting and demonstrable skills in executing threat-hunting TTPs
• Skill and experience conducting analysis using the following technologies and capabilities:
• ArcSight Logger and ESM
• McAfee IntruShield IPS
• Cisco Sourcefire/Firepower IDS
• Palantir or TAC
• Security+ or ISC2 SSCP (ISC2 CISSP Preferred)
• CCNA Security, MCSA or Linux with strong emphasis on security
• Any one or more of the following: GCIA, GCIH, GPEN, CEH, ECSA
• Must possess strong analytical skills using various traditional Intelligence analytic methodologies
• Must possess a solid understanding of LAN/WAN routing protocols, LAN switch technologies, firewalls, network/systems and security infrastructures and understand how they inter-operate
• Must meet overseas medical deployment qualifications.
• Must possess the willingness to travel with the military to locations throughout Southwest Asia, as required, to support the military customer at their location(s) via military air/land convoy.
• Ability to lift and carry 50 lbs.
• Ability to work in a bivouac environment.
• Willing to travel to overseas locations for a 1 year unaccompanied deployment.
• Ability to maintain a professional and courteous manner in difficult situations.
• Ability to maintain high quality work to manage multiple critical projects.
• Ability to perform and participate in a team-oriented environment.
• Ability to communicate effectively with a diverse group of users.
• Excellent customer service skills and demeanor.
• Must have an active TS with the ability to possess and maintain an active DOD TS clearance with full SCI eligibility.
DESIRED ADDITIONAL SKILLS
• Formal experience with various traditional Intelligence Analytic Methodologies in a DOD/LE environment
• Advanced ArcSight event analysis experience
• Advanced Excel VBA Scripting/Programming applied to log analysis, with emphasis on ArcSight
• CCNP Security
• GPEN, GCIH, and OSCP
• BOSIC 301/302 Certified
• OSINT 401 Certified
• HP ArcSight Certified Security Analyst