The Defense Group of Leidos has an opening for an Endpoint / Threat Detection Analysis & Coordination Analyst supporting the Global Information Grid (GIG) Service Management-Operations (GSM-O) contract at Ft. Meade, MD.
The selected candidate will support the detection, monitoring, correlation, and prevention of cyber threat activity targeting the DODIN. In addition, they will understand the details of Named Areas of Interest and advanced persistent threats that impact the DODIN with an in-depth knowledge and ability to analyze, track, correlate, harvest, trend, and report on the unique TTPs utilized.
The candidate will support GSMO Task Order 30
- Configure, maintain, and utilize JFHQ-DODIN and CC/S/A/FA capabilities in order to detect, monitor, track, and analyze malicious activity targeting the DoD.
- Consume, review, correlate, and report on high priority DoD, Intelligence, and USG operational reporting of threat and vulnerabilities to correlate similar incidents/events, malicious tradecraft, TTPs of malicious activity, and indicators utilized to impact or target the DODIN.
- Develop consolidated notification and updates to the JFHQ-DODIN JDOC on threat and vulnerability activity.
- Develop, obtain government approval, and release situational awareness reports/products; operational directives/order and coordination messages; and quarterly threat analysis reports and metrics.
- Review, analyze, and maintain the content of a DoD indicator database to aid in the detection and mitigation of threat activity.
- Update DoD shared situational awareness mechanisms including JFHQ-DODIN websites, Wikipedia style solutions, and collaboration / chat mechanisms.
- Develop and present cyber threat briefings, presentations, and papers to JFHQ-DODIN leadership to ensure situational awareness and status are conveyed related to the assigned project areas.
- Operate as the DoD community leader for the discovery of threat activity and associated indicators. Determine sophistication, priority, and threat level of identified malware and intrusion related TTPs.
- Develop metrics and trending/analysis reports of malicious activity used to compromise the DODIN. Develop, staff, and release analysis findings in technical analysis reports to DoD Community. Manage a DoD prioritization process to identify priority threats and vulnerabilities that are impacting the DODIN.
- Develop signatures for use within DoD threat detection capabilities to detect potentially malicious activity on the DODIN. Coordinate with JFHQ-DODIN partner organizations to distribute, receive, and conduct analysis on vulnerability and threat information that impacts the DODIN.
- Active DoD TS/SCI clearance and eligible for polygraph
- Bachelor's Degree w/ 4-8 years of related experience
- Previous tools experience working with ArcSight, Splunk, PCAP, JIMS or equivalent toolsets.
- Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection)
- Experience in an Operations Center providing Senior Leaders specified reports based on information received from supporting units.
- Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
- Critical/logical thinking skills
- Experience working with the Intelligence Community and priority intelligence requirements
- Advanced communications and presentations skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA with command and proper enunciation of the English language
- DoD 8570 Requirements IAM Level III
- ITIL v3 Foundation certified
External Referral Eligible