Host Analyst

BCE OFFUTT AFB NE, United States

Job Category: Security

Time Type: Full time

Minimum Clearance Required to Start: TS/SCI

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Continental US

* * *

CACI is seeking a skilled and analytical Host Analyst to join our dedicated team supporting the U.S. Strategic Command (USSTRATCOM) Cybersecurity Service Provider (CSSP). This role directly aligns with the DoD 8140 Cyber Workforce Framework work role for Host Analyst (ID: 463) at the Advanced level. The successful candidate will possess deep knowledge of various system configurations and perform in-depth analysis using endpoint security solutions and built-in system tools. Responsibilities include analyzing system services, configurations, file systems, permissions, logs, and memory; identifying and responding to host-based threats; and managing endpoint security tools. This position requires the ability to work rotating shifts as necessary to support 24/7 mission requirements. 

 

The Opportunity:  

Join a CACI team where the mission is critical, and the team culture is paramount. We are building a positive, fun, collaborative, and light-hearted environment focused on collective success and individual growth. Our leadership is committed to: 

Culture: Fostering an engaging workplace through gamified cyber concepts (tabletop exercises, Backdoors & Breaches card game), team contests, informative lunch-and-learn sessions, active participation in local youth cyber programs, and opportunities to attend leading industry conventions like DEFCON and BSIDES. 

Training: Championing life-long learning. We prioritize robust training programs aligned with your career goals and DoD requirements, including opportunities related to advanced host analysis and endpoint security. Our leadership provides mentorship and resources to ensure continuous professional development. 

Talent Management: Investing in your future. Every team member receives a detailed and fully customized Individual Development Plan (IDP). We facilitate cross-training and exploration of different roles within CACI, ensuring you remain challenged, engaged, and never bored. 

This is more than just a job; it's an opportunity to specialize in endpoint security and host analysis, contributing directly to the defense of critical national security infrastructure within a supportive team. 

 

Responsibilities: 

As a Host Analyst, you will perform advanced host-level analysis and endpoint security tasks, including but not limited to: 

  • Endpoint Security Management: Manage, configure, tune, and monitor enterprise endpoint security solutions (e.g., EDR, HIPS, HIDS, AV). Develop custom signatures/rules based on threat analysis (KSAT 4171, 4238). 

  • Host-Based Analysis: Analyze potentially malicious processes, libraries, modules, and system services on Windows, Linux, and Unix systems (KSAT 4184, 4185, 4589). Analyze memory dumps and volatile data to identify anomalous behavior (KSAT 4179, 4371). Compare current system state against established baselines (KSAT 4195, 4207). 

  • Log Analysis & Correlation: Configure, collect, and analyze host logs to identify indicators of compromise and correlate activity across systems (KSAT 4216, 4217, 4225, 4266, 4281). Integrate findings with SIEM platforms (KSAT 4363). 

  • Forensic Artifact Collection: Capture forensically sound memory and disk images for analysis or escalation (KSAT 4197, 4198, 4315). 

  • Vulnerability & Compliance Assessment: Analyze host configurations for vulnerabilities, misconfigurations, and compliance with STIGs and organizational policies (KSAT 4189, 4251, 4319, 4375). Evaluate patch levels (KSAT 4252). 

  • Incident Support: Provide host-level analysis support during incident response activities. Perform root-cause analysis for host-based intrusions (KSAT 4320). Validate alerts from host-based security tools (KSAT 8212). 

  • Reporting & Recommendations: Document findings and analysis steps, and develop detailed reports on host security status and potential compromises (KSAT 4239). Provide recommendations for tuning, remediation, and risk mitigation (KSAT 4337). Ensure reporting meets JFHQ-DODIN timelines per CJCSM 6510.01B.

  • Stakeholder Collaboration: Work with system administrators, incident responders, and other stakeholders to investigate findings and implement security improvements. 

  • Additional Duties: Perform other related duties as assigned by leadership to meet mission requirements and support USSTRATCOM objectives. Depending on experience and team structure, this role may involve working under direct supervision or potentially providing guidance, training, or supervision to others. 

 

Qualifications: 

Required Certifications (Must possess one): 

  • CompTIA Cybersecurity Analyst (CySA+) CE 

  • (ISC)² Systems Security Certified Practitioner (SSCP) 

  • EC-Council Certified Ethical Hacker (CEH) 

  • Microsoft Certified: Security Operations Analyst Associate (SC-200) 

Conditional Alternative Certifications (Considered): 

  • GIAC Certified Intrusion Analyst (GCIA) 

  • GIAC Certified Incident Handler (GCIH) 

  • GIAC Certified Windows Security Administrator (GCWN)   

  • GIAC Certified UNIX Security Administrator (GCUX)  

Education & Experience: 

  • Bachelor's degree (BS) in Information Technology, Cybersecurity, Computer Science, or a related technical field is required. 

  • A minimum of 7 years of relevant experience is preferred, with a strong emphasis on host analysis, endpoint security administration, incident response, or systems administration in a security context. 

  • Mandatory Experience: Demonstrated hands-on experience managing and analyzing data from one or more major Endpoint Security Solutions such as Trellix/McAfee ePO/ENS, CrowdStrike Falcon, Microsoft Defender for Endpoint (MDE), Windows Sysmon, or SentinelOne.

  • Experience working within DoD or Federal government environments and familiarity with DoD cybersecurity policies, STIGs, and frameworks is highly desirable. 

  • Knowledge of DISA HBSS (Host Based Security System) training (Admin 201, Advanced 301, Analyst 501) is helpful. 

  • Expert-level knowledge of Windows and Linux/Unix operating system internals, file systems, registry (Windows), processes, and common persistence mechanisms (KSAT 4416, 4585, 4589). 

  • Proficiency with host analysis tools, scripting languages (e.g., PowerShell, Python, Bash) for automation and analysis, and log analysis techniques. 

  • Strong understanding of networking concepts (TCP/IP) and common attack vectors. 

  • Excellent analytical and problem-solving skills with strong attention to detail. 

  • Effective written and verbal communication skills. 

  • Must be willing and able to work rotating shifts (days, evenings, nights, weekends, holidays) as required by mission needs. 

  • Must possess an active Top Secret w/ SCI security clearance or be eligible to acquire one.

________________________________________________________________________________________

What You Can Expect:

 

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

 

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy. 

 

Your potential is limitless. So is ours.

________________________________________________________________________________________

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits, and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.

The proposed salary range for this position is:

$65,000 - $136,500

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
Category: Analyst Jobs

Tags: Automation Bash CEH Clearance Clearance Required Compliance CompTIA Computer Science CrowdStrike CySA+ DISA DoD DoDD 8140 EDR Endpoint security GCIA GCIH GIAC Incident response Linux Log analysis PowerShell Python Scripting Security Clearance SIEM SSCP STIGs TCP/IP Top Secret TS/SCI UNIX Vulnerabilities Windows

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Startup environment Team events Wellness

Region: North America
Country: United States
