Advanced Threat Detection and Hunt Analyst

This position will support the Defense Information Systems Agency (DISA) GSM-O II program, and DISA Global Defensive Cyber Operations (DCO) organization based out of Scott AFB, IL with Threat Detection and Hunt efforts, management of adversary indicators of compromise, tracking and monitoring of adversary tactics, techniques, and procedures, and leading certain Nation State focused activities internally and externally to DISA Global. This position will provide technical guidance for defensive cyber operations activities and will be expected to actively engage with a variety of customers and mission partners, anticipating their needs, and delivering flawlessly. 

POSITION SUMMARY:
GSM-O II provides network operations and cyber defense support to the Defense Information Systems Agency (DISA) in support of the Department of Defense (DoD) and Combatant Commands (CoCOMs).

PRIMARY RESPONSIBILITIES:

• Maintain situational awareness of cyber activity by reviewing DoD, Intelligence Community and open source reporting for new threat actors, vulnerabilities, malware or other threats that have the potential to impact the DoDIN.
• Conduct general focused hunts as guided and lead all efforts related to certain Nation States and associated threat actors.
• Synthesize, summarize, consolidate and share potentially malicious activities on the DoDIN with DISA and mission partner organizations by creating incident reports, wiki updates, collaboration/chat tippers and notifications, DoD incident handling database queries, metrics, and trend reports.
• Assist in providing threat and vulnerability analysis as well as security advisory services and recommendations.
• Train and mentor other team members.

BASIC QUALIFICATIONS:

• Must have an active Top Secret clearance.
• Bachelor's degree with 4-8 years of professional experience or Associate’s degree with 6-8 years of professional experience (related DISA and domain (relevant Nation State actors) experience and cyber courses/certification is accepted in lieu of a degree.)
• Must have DoD-8570 IAT Level 2 baseline certification (Security+ CE or higher) at start date and be able to obtain CSSP-A certification within 180 days of start date. 
• Proficient in reading/writing one of the following Korean, Russian, Mandarin, Arabic or Farsi
• Up to date awareness of geo-political situation in the AOR
• Proficient understanding of Cyber Network Defense (CND) in regards to protect, detect, respond and sustain within a Computer Incident Response organization. 
• Excellent verbal and written communication skills including the ability to clearly articulate technical and strategic level cyber matters to a variety of audiences.
• Highly developed research and analytical skills to pinpoint statistically significant patterns related to cyber threats.

PREFERRED QUALIFICATIONS:

• Basic conversational fluency in Korean, Russian, Mandarin, Arabic or Farsi
• Knowledgeable in Cloud security/defense.
• Experience with DISA and DoD Networks.
• Working knowledge of cyber operational security, log analysis, netflow analysis, incident response, malware analysis, computer forensics, and/or cyber-crime.
• Advanced Certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP.
• Demonstrated experience briefing local leadership.
• Prior linguist experience or intelligence background
• Working knowledge and proficiency utilizing Wireshark and Splunk analysis tools.
• Experience in intelligence driven defense and/or Cyber Kill Chain (CKC) methodology; knowledge of Advanced Persistent Threat (APT) and other cyber threat modeling frame works.
• Working knowledge of the U.S. Intelligence Community and/or Fusion centers.

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.