Cyber Threat Fusion Analyst (W/ Active Ts/Sci)

CYBER THREAT FUSION ANALYST (w/ active TS/SCI)
Location: Alexandria, VA
Travel Required: 10%
Clearance: Top Secret/ SCI
Type: On-site, Full-time
JOB DESCRIPTION
Critical Solutions has an immediate opening for a Cyber Threat Fusion Analyst to support our federal customer in Alexandria, VA. This position will utilize Cyber Threat Intelligence products and network security monitoring and will perform as the analyst in area of Cyber Threat intelligence. An active TS/SCI security clearance is required prior to start.
PRIMARY ROLES AND RESPONSIBILITIES:

• Implement the core Threat Intelligence concepts (ex. Cyber Kill Chain, MITRE ATT&CK, DoDCAR)
• Produce reporting for new or emerging threats and threat vectors.
• Utilize SIEM technologies to correlate security events and logs and identify threats.
• Incorporate threat intelligence into countermeasures to detect and prevent intrusions and malware infections.
• Identify threat actor tactics, techniques and procedures and based on indicators develops custom signatures and blocks.
• Understand and employ the MITRE ATT&CK Matrix.
• Recognize what you'll need to know to prevent or identify APT intrusions
• Identify network architectures and select network components
• Understand concepts of log and packet analysis
• Navigate the command line using specific expressions to manipulate data
• Handle and organize disparate data about detections, attacks, and attackers
• Employ discovery techniques and vetting of new intelligence.
• Create Situational Awareness Reports and Threat Briefs

BASIC QUALIFICATIONS:

• Must possess an active DoD TS/SCI security clearance or higher
• Bachelor's degree in Computer Science, Computer Engineering or related field and 8+ years of prior relevant experience; additional years of experience may be substituted in lieu of a degree.
• Computer defense technologies spanning endpoint, network, and open source
• Cyber Kill Chain or MITRE ATT&CK experience.
• Threat actor TTP and indicator identification using large data sources.
• Have a strong understanding how enterprise endpoint and network components contribute to Threat Intelligence and adversary detection.
• 8570 IAT II certification is required prior to start.
• It is preferred you will already possess an 8570 CSSP-Analyst certification. If not, it will be required for this to be obtained within 6 months of your start date.

PREFERRED QUALIFICATIONS:

• Experience working for a Cybersecurity Service Provider (CSSP) or Security Operations Center (SOC)
• Experience using a prominent Security Information and Event Management (SIEM) (ex. Splunk, Elasticsearch, ArcSight, QRadar)
• Custom signature development experience.
• Packet analysis experience.

LOCATION:

• Alexandria, VA. Onsite. No teleworking
• Must be able and willing to commute to work location

ADDITIONAL INFORMATION:
CLEARANCE REQUIREMENT:Must possess an active DoD Top Secret /SCI clearance. In addition, selected candidate must undergo background investigation (BI) and finger printing by the federal agency and successfully pass the preceding to qualify for the position. US CITIZENSHIP IS REQUIRED due to the nature of the government contracts we support.
CRITICAL SOLUTIONS PAY AND BENEFITS:
Salary range $103,000 - $132,000. The salary range for this position represent the typical salary range for this job level and this does not guarantee a specific salary. Compensation is based upon multiple factors such as responsibilities of the job, education, experience, knowledge, skills, certifications, and other requirements.
BENEFIT SNAPSHOT: 100% premium coverage for Medical, Dental, Vision, and Life Insurance, Supplemental Insurance, 401K matching, Flexible Time Off (PTO/Holidays), Higher Education/Training Reimbursement, and more