Cyber Threat Analyst

Posted on December 2, 2011

Security Clearance:  Top Secret
Location:  Charleston, SC


Summary:

The candidate shall provide support for the ongoing analysis of threats capable of impacting resources being serviced by the NSOC CND SP activity based on review of programmatic, technical, and IA Certification and Accreditation documentation and daily review of open source / unclassified and classified threat warnings and bulletins.

Overview:

•    Review IA certification and accreditation documentation, programmatic, and technical documentation for the NSOC and Network Protection Suites
•    Review IA certification and accreditation documentation, programmatic, and technical documentation for each system or program of record serviced by the NSOC CND SP
•    Review the SOPs and CND SP programmatic documentation for the NSOC
•    Perform daily review of cyber threat warnings, bulletins, alerts, and incident reporting documentation and databases produced by the Director of National Intelligence (DNI), National Intelligence Council (NIC), Defense Intelligence Agency (DIA), National Security Agency (NSA), United States Strategic Command (USSTRATCOM), Joint Task Force Global Network Operations (JTF-GNO), military service cyber intelligence support activities, Central Intelligence Agency, Department of Homeland Security, US Computer Emergency Response Team, and coalition and allied partners.
•    Perform daily review of open source / unclassified sources of cyber threat warnings and vulnerability announcements from the DoD Information Assurance Vulnerability Management program, National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), SANS Institute and Internet Storm Center, security vendor advisories, and other cyber security new media sources for information that may impact operations
•    Perform analysis and identify threats, vulnerabilities, or changes to the level of risk associated with continued operations.  Assess the level of threat associated with the circumstances and provide reporting to CND SP management.  Reporting shall include specific information and sources used in the analysis, summary information, threat content, and recommendations for managing, mitigating, or avoiding the risk associated with the threat.
•    Communicate to CND SP subscribers the results of the threat analysis and the associated reporting.  Assist CND SP subscribers with comprehending the reporting, perform supplemental research, and provide guidance on implementing the prescribed risk mitigation strategy.
•    Coordinate and deconflict threat analysis activities and reporting with existing NSOC IAVM program infrastructure.
•    Coordinate the results of threat analysis with the current network monitoring resources for the creation of user defined signatures and other alerting capabilities as necessary to manage risks
•    Obtain ‘known-bad’ file hash value lists of malicious activity from classified and open source resources and coordinate with NSOC HBSS and network monitoring resources the incorporation of this new data for continued monitoring
•    Mentor junior cyber threat analysts and assist with construction of a robust cyber threat analysis capability in the NSOC
•    Provide on-call support for mission critical activities during non-core business hours consistent with CND SP requirements
•    Obtain and maintain compliance with applicable DoD 8570.01-M requirements.  Cyber threat analyst support requires at least IAT Level II and CND Analyst certifications.

What We Do


While traditional defensive posturing provides adequate security for many of our clients, DGS also provides counter-intrusion measures through cyber security expertise, forensics analysis, and various exploitation techniques. This provides a truly comprehensive approach to IT Security.
