Cyber Intel

The Analyst shall fuse Cyber and PMESII threat information and intelligence to provide predictive warning, threat analysis, and course of action recommendations, in support of current and long-term network defense/defensive information operations, network security engineering and collaboration with the defensive cyberspace operations community of interest. The candidate will work under the immediate supervision of a military shift leader or other contract personnel designated by the PM.

RESPONSIBILITIES

• Provide expert IA-CND assessments, advice, situational awareness and expertise to USARCENT, CJTF, 335TH, and RCC-SWA in support of operational impact assessments of events, incident handling, course of action development and related IA-CND response actions at the Tier 1 and Tier 2
• Support IA-CND planning, current operations, and security engineering activities of the IA Branch and leadership.
• Monitoring, consuming and analyzing operational, intelligence, and incident reporting
• Monitoring and querying ArcSight SIEM for anomalous activity and exporting data relevant to the Intel mission
• Conduct intelligence research, analysis and assessments through the use of intelligence and law enforcement community products, databases, websites, and commercial/open source tools, but not limited to any specific network, systems or security resource used to monitor or collect information.
• Provide rapid correlation, analysis and dissemination of information and intelligence, through the fusion of all-source Intelligence resources, and relay indications and warnings of pending, possible or actual attack/s or compromise/s to the appropriate military leadership.
• Produce intelligence reports, products and/or recommendations to support situational awareness, planning, network, systems and security configurations and infrastructure engineering, incident response actions and DOD operations.
• Provide assessments of attacks and attempts against USCENTCOM/USARCENT networks and recommend possible mitigation actions
• Fuse, correlate, and analyze information and intelligence to provide indications and warnings of pending, possible or actual attacks or compromises to the DOD GIG or network/s, network devices and/or systems within the USCENTCOM AOR.
• Disseminate information and intelligence to decision makers, the communities of defensive cyber operations, cyber-security, NETOPS, and information operations, in order to assist in planning, operations, and intelligence activities. Manage and respond to requests for information from USCENTCOM/USARCENT IA-CND sections, and NETOPS decision makers to provide actionable information/intelligence and finished intelligence products to support their planning and operations.

REQUIRED SKILLS

• Degree or equivalent experience
• Must have 6 years of professional experience.
• Must have a minimum of 2 years Cyber Intel working experience in a DOD/LE environment with the ability to translate traditional Intelligence reporting into cyber threat alerting
• Strong understanding of Intelligence Authorities, Oversight, collection plans and requirements as it applies to DoD OSINT
• Experience providing tactical and strategic real world cyber intelligence support to Command leadership using Computer Network Defense mission analysis in conjunction with All-Source Intelligence Feeds to provide actionable output.
• Possess strong written, verbal communication, and presentation skills with the ability to brief mid-level and senior audiences in person or via phone/VTC.
• Advanced Microsoft Excel and Powerpoint skills
• Familiarity with host forensics
• Strong understanding Threat-hunting and demonstrable skills in executing threat-hunting TTP’s
• Skill and experience conducting analysis using the following technologies and capabilities:
  • ArcSight Logger and ESM
  • McAfee IntruShield IPS
  • Cisco Sourcefire/Firepower IDS
  • Palantir or TAC
• Security+ or ISC2 SCCP (ISC2 CISSP Preferred)
• CCNA Security, MCSA or Linux+ with strong emphasis on security
• Any one or more of the following: GCIA, GCIH, GPEN, CEH, ECSA
• Must possess strong analytical skills using various traditional Intelligence analytic methodologies
• Must possess a solid understanding of LAN/WAN routing protocols, LAN switch technologies, firewalls, network/systems and security infrastructures and understand how they inter-operate
• Must meet overseas medical deployment qualifications.
• Must possess the willingness to travel with the military to locations throughout Southwest Asia, as required, to support the military customer at their location(s) via military air/land convoy.
• Ability to lift and carry 50 lbs.
• Ability to work in a bivouac environment.
• Willing to travel to overseas locations for a 1 year unaccompanied deployment.
• Ability to maintain a professional and courteous manner in difficult situations.
• Ability to maintain high quality work to manage multiple critical projects.
• Ability to perform and participate in a team oriented environment.
• Ability to communicate effectively with a diverse group of users.
• Excellent customer service skills and demeanor.
• Must possess and maintain an active DOD TS clearance with full SCI eligibility.

DESIRED ADDITIONAL SKILLS

• Formal experience with various traditional Intelligence Analytic Methodologies in a DOD/LE environment
• Advanced ArcSite event analysis experience
• Advanced Excel VBA Scripting/Programming applied to log analysis, with emphasis on ArcSite
• CISSP-ISSAP
• CCNP Security
• MCSE
• GPEN, GCIH, and OSCP
• BOSIC 301/302 Certified
• OSINT 401 Certified
• HP ArcSight Certified Security Analyst

143194BR 143194