Cyber Ops Analyst- Lead Fusion Cell Cybersecurity

Cyber Intelligence Analyst

Marathon TS is hiring for Cyber Intelligence Analyst professionals. Our client is supporting the DISA GSMO program: This position will support the DISA GSM-O II Task Number 07 (TN07) Joint Force Headquarters DODIN. GSM-O II provides network operations and cyber defense support to the Defense Information Systems Agency (DISA) in support of the DoD and CoCOMs. The selected candidate shall execute in real time, in accordance with mission requirements, incident handling, triage of events, network analysis and threat detection, trend analysis, metric development, vulnerability information dissemination, and the DoD CNDSP methodology.

Primary Responsibilities

• Leverage intelligence and operational data, information and processes to identify threats, improve security, and reduce the enterprise's exposure of vulnerabilities.
• Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
• Support various collaborative and cross functional (Intelligence, Current Operations, Future Operations, Logistics, Planning, Resourcing and Requirements) forums to achieve centrally coordinated, threat informed and prioritized vulnerability scoring and mitigation methodology.
• Support the development of Cyber Fusion Standard, Cyber Fusion Framework and Methodology based on industry best practice and department of defense instruction, guidance, and policy.
• Perform threat informed analysis by leveraging serialized reporting, intelligence product sharing, OSINT, and open source vulnerability information to ensure prioritized plans are developed.
• Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to the enterprise operational environment.
• Client adversary campaigns, anomalies and inconsistencies in sensor and system logs, SIEMs, and other data; investigate to identify or rule out system compromises, provide written analytic summaries and attack life cycle visualizations.
• Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
• Recommend adjustment of countermeasures, enterprise or tactical, to account for threats impacting the DODIN.
• Recommend adjustment of prioritized enterprise focused analysis based on immediate threat identified based on intelligence and other analysis performed.
• Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends.

Required Skills/Level of Experience:

• Bachelor's degree in a related discipline with 12+ years of applicable combined education and experience; additional related years of experience is accepted in lieu of a degree.
• Active DoD TS/SCI clearance and eligible for C/I Polygraph
• IAT Level II Certification + CE. (Security +, CCNA Security, CySA+, GICSP, GSEC, CND, SCCP)
• Direct experience with network traffic monitoring/capture/analysis capabilities, and various IDS, IPS, SIM/SIEM/SOAR technologies, to include IDS signature development.
• Familiarity with all related aspects of cybersecurity operations/analysis (e.g. incident response & management, forensic media analysis, malware analysis/reverse-engineering, cyber threat intelligence analysis, etc.) and security architecture & engineering.
• In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies (TTPs).
• Proficiency with datasets that support analysis (e.g. passive DNS, WHOIS/registration data, system/service enumeration data, threat indicators/observables, malware analysis results, etc) and various open-source and commercial vendor portals/services/platforms that provide that data.
• Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs)

Nice to Have Skills:

• Experience with DISA and DoD Networks.
• Skilled in building extended cyber security analytics.
• Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
• Experience in intelligence driven defense and/or cyber Kill Chain methodology.

Other Skills/Requirements:

Required skills:

Microsoft Excel

Microsoft Word

Rational Clearquest

Rational ClearCase

CMMi Level 3

Excellent verbal and written communication skills

To be considered for work, a candidate must be either a U.S. citizen or permanent resident alien (no H1 visa holders). Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").