Cyber Fusion Analyst (TS/SCI Required) in Fort Meade, MD at honor foundations

Date Posted: 10/16/2024

Job Snapshot

  • Employee Type: Full-Time
  • Experience: Not Specified

Job Description

Position: Cyber Fusion Watch Officer (DNEA or TDNA)

Location: Fort Meade, MD

Shifts:

  • Team 1: 0500 – 1500/Monday – Thursday (Not usually available)
  • Team 2: 1300 – 2300/Monday – Thursday
  • Team 3: 2100 – 0700/Monday – Thursday
  • Team 4: 0420 – 1730/Friday – Sunday
  • Team 5: 1620 – 0530/Friday – Sunday

Overview:

We are seeking a qualified individual to fulfill the role of Cyber Fusion Watch Officer at our Fort Meade, MD location. The position involves providing support to the Joint Force Headquarters-DoD Information Network (JFHQ-DODIN), contributing to network operations, and defensive cyber operations for the United States Cyber Command in alignment with DoD objectives.

Key Responsibilities:

  • Utilize diverse network monitoring tools to detect and analyze cyber adversary activities, employing methods such as netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data.
  • Contribute to the development of Cyber Fusion standard operating procedures (SOPs) and framework based on industry best practices, Department of Defense instructions, and guidance.
  • Identify and assess threats to the enterprise, recommending mitigation strategies to enhance security and minimize the attack surface.
  • Conduct analysis using serialized threat reporting, intelligence sharing, OSINT, and open-source vulnerability information to develop prioritized plans.
  • Analyze and document malicious cyber actors' Tactics, Techniques, and Procedures (TTPs), aligning recommendations with vulnerabilities and their applicability to the operational environment.
  • Investigate and analyze system compromises, providing written analytic summaries and visualizations of attack life cycles.
  • Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
  • Collect and analyze metrics and trending data, offering situational awareness on key trends.
  • Guide the use of OSINT techniques in investigatory requirements.
  • Perform quality assurance on SIGACTs, ensuring compliance with policies and capturing all necessary information before closure.

Required Qualifications:

  • Active DoD TS/SCI Clearance and eligibility for polygraph.
  • DoDD 8570 IAT Level II Certification (SEC+, CySA, GICSD, etc.).
  • Bachelor’s degree in a related discipline and 8-12 years of relevant experience; additional experience may be accepted in lieu of a degree.
  • Experience working with members of the Intelligence Community and understanding of Intelligence processes.
  • In-depth knowledge of network and application protocols, cyber vulnerabilities, exploitation techniques, and cyber threat/adversary methodologies.
  • Proficiency with analysis tools and protocols (e.g. Splunk, CMRS, VDP, passive DNS, Virus Total, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Arcsight, etc.).
  • Experience with Intelligence Community repositories (Pulse, TESTFLIGHT, etc.).
  • Experience with various open-source and commercial vendor portals, services, and platforms related to threat identification or combat.

Preferred Qualifications:

  • Experience with the DODIN and other DoD Networks.
  • Familiarity with DoD portals and tools (RAMs, IKE, JCC2, etc.).
  • Experience with proprietary OS Intelligence Sources (Mandiant, Recorded Future, Shodan, etc.).
  • Proficient in building extended cybersecurity analytics (Trends, Dashboards, etc.).
  • Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
  • Experience in intelligence-driven defense and/or Cyber Kill Chain methodology.
  • IAT Level III or IAM Level II+III Certifications.

Salary Range: $120,000 - $160,000 per annum

Keywords: TDNA, DNEA, Digital Network Exploitation Analyst, Target Digital Network Analyst, Cyber security, cybersecurity, intelligence, allsource, humint, sigint, osint, cyber intelligence analyst, cyber intel analyst, open source intelligence, TCP/IP, malware, IDS, IPS, proxy, router, switch, IOC, indicators of compromise, APT, advanced persistent threats, Netflow, PCAP, wireshark, splunk, chopshop, dshell, network miner, moloch, Berkeley packet filter, BPF, analyst notebook, netviz, Palantir, kill chain analysis, CISSP, CEH, Security+, SANS, Network+, CCNA, COTS, GOTS, encryption, Python, law enforcement, novetta cyber analytics, mitre chopshop, arl dshell, benefits, vacation, holiday, 401K
