Cyber Threat Analyst - Arlington, VA

Job Description

ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans, Transitioning Military, National Guard and Reserve Members, Military Spouses, Wounded Warriors, and their Caregivers. If you have the required skill set, education requirements, and experience, please click the submit button and follow the next steps. All positions are onsite, unless otherwise stated.

Position Title: Information Technology Specialist (INFOSEC)
Series & Grade: GS 2210 13
Promotion Potential: GS 14
Agency: Department of Homeland Security
Organization: Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division (CSD), Joint Cyber Defense Collaborative (JCDC)
Location: Arlington, VA (and other locations as determined by the agency)
Clearance: TS/SCI (ability to attain)
Who May Apply:

• Veterans with a 30% or more service-connected disability rating
• Individuals eligible under Schedule A (5 CFR 213.3102(u))

Summary
This position is located in the Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division (CSD), Joint Cyber Defense Collaborative (JCDC). CISA is the Nation's risk advisor, working with partners to defend against today's threats and to build more secure and resilient infrastructure for the future.
CSD leads cybersecurity efforts for CISA as the Nation's flagship civilian cyber defense organization. Within CSD, the JCDC brings together Federal, State, local, Tribal, territorial, international, and private sector partners to enable joint cyber defense planning, real time collaboration, and shared response to significant cyber risks and incidents.
As an Information Technology Specialist (INFOSEC), you will serve as a senior cyber defense incident responder and analyst. You will plan and implement advanced cyber defense capabilities, lead incident response activities, and conduct time sensitive enrichment and analysis of diverse cyber threat and telemetry data in support of JCDC operational priorities.

Duties:
As an Information Technology Specialist (INFOSEC), GS 2210 13, you will:

• Implement higher level IT security requirements resulting from laws, regulations, and Presidential directives, and integrate security controls and practices across IT and cybersecurity disciplines.
• Define the scope and level of detail for IT security plans and policies that govern CISA and JCDC security programs, ensuring alignment with agency wide cyber defense strategies.
• Develop long range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities across diverse environments.
• Review proposed new systems, networks, and software designs for potential security risks and resolve integration issues related to the implementation of new capabilities within existing infrastructures.
• Lead implementation activities for new security capabilities, institute measures to ensure awareness and compliance, and identify the need for changes based on evolving technologies and threats.
• Review and evaluate security incident response policies and procedures and recommend improvements to enhance organizational readiness and response.

Cyber Defense Incident Response and Analysis

• Serve as a primary cyber defense incident responder, coordinating and providing expert technical support to enterprise wide cyber defense personnel to resolve cyber incidents.
• Perform cyber defense incident triage, including determining scope, urgency, and potential operational impact; identifying specific vulnerabilities or attack vectors; and recommending remediation actions to enable rapid response.
• Conduct real time incident handling, including forensic collection, intrusion correlation and tracking, threat analysis, and direct system remediation in support of deployable Incident Response Teams (IRTs).
• Correlate and analyze security relevant events from multiple sources (such as network activity, host-based telemetry, log analysis, alerts, and threat intelligence) to determine the nature, scope, and impact of cyber threats and attacks.

Threat Intelligence Enrichment and Data Driven Analysis (JCDC Focused)

• Investigate and operationalize partner shared cybersecurity insights, unique cyber threat intelligence, and network/host telemetry into actionable outcomes, recommendations, and products in support of JCDC operations.
• Contextualize and enrich technical indicators (such as IP addresses, domains, file hashes, and adversary tactics, techniques, and procedures) using:
  • Open source and commercial data sources requiring research, data correlation, and technical analysis skills;
  • Structured analytic frameworks and methodologies for threat intelligence and adversary behavior mapping;
  • Internal data holdings, including network flow analysis, asset management, and intelligence reporting.
• Identify anomalies in network and host data and determine which systems may be vulnerable based on vulnerability and product/version information, as well as unique technical signatures.
• Map technical insights and observed behaviors to structured analytic frameworks to support hunting, detection engineering, and partner outreach.
• Pair threat, vulnerability, and defensive telemetry in novel ways to identify or predict high confidence malicious activity against partner networks or technologies.
• Conduct open source and classified/partner intelligence research on operational priorities and emerging cyber events to keep JCDC operators and partners informed with timely, actionable details.

Documentation, Communication, and Partner Engagement

• Author and maintain robust technical and operational documentation in knowledge management platforms, ensuring that workflows, playbooks, and analytic findings are clearly captured and reusable.
• Clearly distill and summarize broad and complex operational information for varied audiences, including:
• Executives and decision makers who require concise, risk focused summaries; and
• Analysts, defenders, and hunters who require detailed technical context and indicators.
• Draft and deliver technical reports, briefings, and presentations to internal and external partners, adjusting content and language to match audience technical depth.
• Engage with JCDC partners (Federal, State/Local/Tribal/Territorial, international, and private sector/critical infrastructure) in technical and operational settings to:
  • Solicit new insights and data;
  • Collaborate on joint priorities; and
  • Provide additive technical and informational value in shared cyber defense efforts.
• Perform other duties as assigned.

Requirements:

• You must be a U.S. citizen.
• You must be able to obtain and maintain a Top Secret clearance with eligibility for access to Sensitive Compartmented Information (TS/SCI).
• This position is designated Special Sensitive.
• This position requires pre employment drug testing and is subject to random drug testing thereafter.
• You may be required to complete a probationary period.
• This position may be designated as Essential Personnel. Essential personnel must be able to report for duty or remain on duty during continuity of operations events regardless of weather, protests, acts of terrorism, or funding lapses.

Certificates/Security Clearances/Other

Requirements:

• You must be a U.S. citizen.
• You must be able to obtain and maintain a Top Secret clearance with eligibility for access to Sensitive Compartmented Information (TS/SCI).

Additional Qualifications/Responsibilities

Qualifications: You must meet both the IT related experience requirement and the specialized experience requirement described below by the closing date of this announcement.

• 1. IT Related Experience (All Applicants) Your resume must demonstrate IT related experience that shows each of the following four competencies (OPM 2210 standard):
  • Attention to Detail - Is thorough and conscientious in analyzing logs, telemetry, and indicators; carefully validates data and conclusions before disseminating.
  • Customer Service - Works with internal and external partners (e.g., other Federal agencies, SLTT entities, private sector organizations) to assess cyber defense needs, provide assistance, and ensure operationally useful outcomes.
  • Oral Communication - Clearly conveys technical and non technical information to audiences at varying levels of expertise; presents complex cyber issues in a structured, understandable manner.
  • Problem Solving - Identifies cyber issues; determines accuracy and relevance of information; uses sound judgment to generate and evaluate options and provide well reasoned recommendations.
• 2. Specialized Experience (GS 13) You must have one full year of specialized experience at the GS 12 level or equivalent in the Federal service, performing all of the following:
  • Implementing or overseeing IT and cybersecurity controls and requirements derived from Federal laws, regulations, policies, or directives, and integrating those controls into operational systems or networks;
  • Developing or contributing to long range plans or strategies for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities;
  • Reviewing proposed or existing systems, networks, or software designs for security risks, identifying vulnerabilities, and recommending or implementing mitigations;
  • Performing or leading cyber defense incident response activities (e.g., incident triage, forensic data collection, intrusion tracking, threat analysis, and system remediation) in response to actual or potential cyber events;
  • Correlating and analyzing security events and telemetry from multiple sources (e.g., network data, host data, threat intelligence, logs, and alerts) to determine the nature, scope, and impact of cyber threats or incidents, and documenting and escalating incidents as appropriate; and
  • Conducting or supporting cyber threat intelligence enrichment and analysis, including the use of structured frameworks and multiple data sources (such as analytic methodologies for adversary behavior mapping and research across open-source, commercial, and government data) to produce actionable insights or products for defenders and decision-makers.

Desired (not required) experience and skills that may enhance your competitiveness include:

• Experience in threat hunting, red/blue/purple team operations, or other deeply technical cyber defense domains.
• Familiarity with advanced analytic and link-analysis skills for mapping relationships and patterns in complex data sets.
• Familiarity with core networking and security protocols and concepts (e.g., DNS, SMTP, SSL/TLS) and Advanced Persistent Threat (APT) tactics, techniques, and procedures.
• Experience documenting workflows, playbooks, and technical findings in structured knowledge management environments.
• Demonstrated ability to work in fast paced operational environments, manage multiple concurrent tasks, and engage ad hoc with analysts, senior leaders, legal teams, and external partners.

Note: Experience refers to paid and unpaid experience, including volunteer work done through National Service programs and other organizations. Your resume must clearly describe your relevant experience, including job titles, series and grades (if Federal), duties, and hours worked per week.