Cyber Threat Analyst

Job Description:

XOR Security is currently seeking talented master-level Cyber Threat Analysts to support one of our premier clients within the Department of Defense for the Defense Cyber Crimes Center (DC3). The DC3 program provides comprehensive Forensic, Malware Analysis, and Reverse Engineering support across the Defense enterprise by providing deep analysis of potential threat activity targeting critical DoD assets.  To support this vital mission, XOR staff is on the forefront of providing full spectrum Media Analysis and Systems Engineering support, to include the development of advanced tools and analysis techniques to protect critical DoD assets from hostile adversaries. To ensure the integrity, security, and resiliency of DC3’s critical operations, we are seeking a senior Cyber Threat Analyst in the Linthicum, MD, area.

The ideal candidate will apply a comprehensive knowledge across key tasks and high impact assignments and can plans and lead major technology assignments.  S/he functions as a technical expert across multiple project assignments, evaluates performance results, and recommends major changes affecting short-term project growth and success. S/he may supervise others.  The candidate will use their experience, knowledge, and analytical skills on behalf of the Air Force Lifecycle Management Center (AFLCMC) Cyber Resiliency of Weapons Systems (CROWS) effort and will produce analytical products supporting the AF cyber campaign plan to design, operate, and sustain AF systems and capabilities with security and resiliency. The candidate will perform analytical research in a team environment focused on cyber threat actors/activity, author and review intelligence products by applying technical expertise, while also consulting and making recommendations for new solutions to cyber analytical issues as needed. Additionally, the candidate will be expected to collaborate with analysts from DC3-AG, task force analysts and CROWS stakeholders outside of DC3, various other Intelligence Community agencies, and other Defense Criminal Investigative Organizations (AFOSI, CID, DCIS) on a regular basis. Successful candidates will rely heavily on experience serving in past intelligence analyst roles in DoD, Computer Network Operations, Law Enforcement/Counterintelligence, or Intelligence Community mission-focused organizations. The selected candidate should be comfortable writing documents up to 30 pages in length.

Strong written and verbal communications skills are a must.

Preferred Skills:

Required Qualifications:

• Only candidates with a current TS/SCI clearance will be considered
• BA/BS in Information Technology, Information Security, Computer Science, Intelligence Studies, Cyber Security or a related field of study, and a minimum of fifteen (15) years performing technical cyber threat intelligence analysis; thirteen (13) years of professional experience with a Master’s degree in the above fields; ten (10) years of professional experience with a related PhD/JD; 23 years of related professional experience without a degree
• Strong knowledge of general intelligence analysis principles governing the collection and evaluation of raw intelligence as well as the production and publication of finished intelligence
• Strong knowledge of all-source intelligence and analysis processes, and the ability to correlate data and research using open source repositories (ex. VirusTotal, DomainTools, ThreatMiner, etc.)
• Strong ability to provide analysis supporting assessments of the overall impact of data loss on current and future USAF weapons programs, scientific and research projects, and warfighting capabilities (in accordance with guidance as set forth in Air Force Instruction 33-200)
• Strong knowledge of Cyber Threat Intelligence (CTI) principles to include indicators of compromise (IOC) types, indicator pivoting and indicator attribution strength
• Strong understanding of US Intelligence Community and how cyber intelligence organizations work together for purposes of conducting cyber threat analysis
• Strong proficiency in intelligence report writing for DoD and USIC consumers
• Intermediate ability to present technical information and analysis to groups (Candidate will be required to brief up to 50 persons on a quarterly basis and smaller groups of up to 10 persons on a weekly basis)
• Strong ability to conduct Incident Report Analysis on incidents reported under applicable DFARS procedures
• Familiarity with DoD Damage Assessment Management Office (DAMO) Program guiding documents and mission (DFARS Procedures, Guidance, and Information (PGI) 204.7303-4 DoD damage assessment activities)
• Strong familiarity with threats and vulnerabilities to supply chain, and a deep understanding of the damage assessment process, specifically regarding data compromised as a result of adversary intrusions into contractor networks
• Apply formal intelligence analysis methods, develop hypotheses, prove/disprove relationships, question actions and motives, defend your analysis, and apply attribution to cyber threat activity. Candidate must be able to make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis. Candidate must be able to identify and avoid analytic bias.
• Self-starter with the ability to proactively engage and develop relationships with intrusion set subject matter experts and analyst counterparts across the US Intelligence and Law Enforcement communities

Desired Qualifications:

• Background supporting USAF or DoD intelligence analysis components
• Subject Matter Expert of Advanced Persistent Threat activity
• Formal training as an intelligence analyst in any discipline – graduate of US Government intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc.
• Certifications (any): CISSP, CEH, Security , SANS certification(s), Network , CCNA
• Advanced Data Visualization proficiency leveraging COTS/GOTS tools
• Any type of cyber-related law enforcement or counter-intelligence experience
• Analyst experience in a Federal Cyber Center or corporate computer incident response team
• CI polygraph referred, but not necessary to start

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.