Senior Cyber Intrusion Analyst

Huntsville, AL, US


Senior Cyber Intrusion Analyst – The Senior Cyber Intrusion Analyst shall have the knowledge and abilities outlined in the core functions listed below. Although each category does not individually require a minimum of 8 years' experience, the Senior Cyber Intrusion Analyst shall have a total of at least 8+ years of related experience and the ability to advise Government personnel on streamlined processes and techniques for conducting the items listed under the core functions. This individual shall act as the cyber SME.

Required Active Clearance: TS clearance with SCI eligibility  

Experience:   

  • Experience drafting and reviewing analytical products
  • Experience conducting all-source research and link analysis in a cyber threat hunting context
  • Conduct research, binary analysis, and reverse engineering of suspicious and malicious software to determine functionality, complexity, and impact of its implementation on victim/compromised systems of interest
  • Link and correlate digital information, such as threat data (victim/source IP addresses, URLs, malicious software), actor contacts or personal data, and system logs, obtained from single or multiple sources, and develop attribution
  • Experience with analysis of security and event logs, web logs, O365 logs, and NetFlow data
  • Experience analyzing cyber intrusion activities
  • Conduct analysis using open source and provided technologies and threat intelligence to make recommendations on analytical procedures for NDCA to address cyber threats and vulnerabilities targeting U.S. interests
  • Experience in the analysis and recovery of encrypted and plaintext passwords or secure keys; identify software programs, hidden rootkit activity, hidden or clear network traffic information, active registry hives, specific command lines, and other system activity
  • Experience participating in tactical and strategic collaboration, teaming, and coordination opportunities
  • Experience with Splunk conducting cyber threat hunting or data analytics
  • Ability to brief analytical findings to a variety of audiences
  • All Analysts must be able to participate in workshops, briefings, and all other programs which provide a foundation for the analyst to gain better insight on bureau matters, other government agency matters, private sector matters, and/or other matters which would enhance the employee's subject matter expertise as it pertains to cyber
  • Additional duties as determined by the government


OVERALL DUTIES AND RESPONSIBILITIES of the TEAM 

  • Draft analytical products based upon cyber analysis performed, and actively participate in the review and quality control process for such reporting efforts
  • Conduct all-source research of community reporting to stay abreast of current trends and maintain subject matter expertise. This research will require the utilization of the Joint Worldwide Intelligence Communications System (JWICS) and the Sensitive Compartmented Information Operational Network (SCION)
  • Utilize both JWICS and SCION for communication with other Offices and our Department of Defense partners
  • Conduct research, binary analysis, and reverse engineering of suspicious and malicious software to determine functionality, complexity, and impact of its implementation on victim/compromised systems of interest
  • Using open source and provided tools, link and correlate digital information, such as threat data (victim/source internet protocol (IP) addresses, uniform resource locators (URLs), malicious software), actor contacts or personal data, and system logs, obtained from single or multiple sources, and develop attribution
  • Provide analysis of network log data to identify anomalous behavior
  • Conduct threat hunting and analyze cyber intrusion activities and make appropriate recommendations for the FBI to collect, monitor, counteract, or mitigate the threat
  • Analyze leading-edge technologies and make recommendations on analytical tools and procedures for TACU to address cyber threats and vulnerabilities targeting U.S. national interests
  • Support TACU mission priorities and functions through participation in tactical and strategic collaboration, teaming, and coordination opportunities internally across lines of business and externally across the intelligence community. The Contractor will use both JWICS and SCION when partnering with the intelligence community.
  • Provide TACU mission partners with investigative and operational leads to enable attribution, link analysis, and other target-relevant and enhancing information. Both JWICS and SCION will be utilized when providing said information
  • Provide cyber threat hunting or data analytics using Splunk
  • Conduct threat hunting and analyze cyber intrusion activities and make appropriate recommendations to collect, monitor, counteract, or mitigate the threat
  • Provide subject matter information and context (e.g., unique information not readily available in indices or through data analytics) to assigned squads and/or programs
  • Research, review, and analyze intelligence information to provide tactical analysis to mitigate threats and drive operations, operational programs, and investigative cases. This research will require the utilization of JWICS and SCION.
  • Exploit intelligence information derived from cases/operations and add value by integrating additional reliable and relevant information from other internal or external sources
  • Prepare full-scope intelligence products such as intelligence notes, briefings, and other consumer-driven investigative/intelligence reports
  • Apply analytical expertise to formulate conclusions or recommend further action to advance investigations in furtherance of the field office collection strategy; identify and develop indicators for domain awareness from cases
  • Review information collected by assigned agents/collectors, identify intelligence for potential Intelligence Community and/or LE dissemination, and as required/appropriate prepare Intelligence Information Reports and/or other intelligence products on reportable intelligence
  • Compare and contrast new or other reporting with previously reported intelligence, seek corroborative data, and assess individual pieces of information in broader case/operation/program context for domain awareness and source validation
  • Where appropriate, identify new targets (subjects and sources) and relationships, and disseminate to squads
  • Compile and disseminate targeting packages
  • Document and explain connections between subjects and persons of interest to the Intelligence Community or LE in Targeting Packages and Analytic Electronic Communications (ECs)
  • Provide briefings to a variety of audiences, including FBI executives, when needed

BENEFITS INFORMATION:

  • 401K matching up to 3%
  • Medical/dental/vision insurance (50%) for employee and family
  • Short term disability
  • Life and accidental death and dismemberment insurance
  • 3 weeks (120 hours) PTO annually
  • 10 paid holidays
  • Work/life balance
  • Travel opportunities
  • Training and certifications

