Global Information Grid (GIG) Service Management-Operations (GSM-O), a Defense and Intelligence Group of Leidos has an opening for an Intelligence Analyst at Fort Meade, MD.
The selected candidate shall provide subject matter expertise while producing and disseminating all-source integrated intelligence analysis to support DoDIN and defensive cyberspace operations (DoDIN/DCO-Internal Defensive Measures) planning, integration, coordination, and execution. The candidate shall assist in analyzing ongoing threat related activities and information targeting the DoDIN and develop Joint Intelligence Preparation of the Operational Environment (JIPOE) for a cyber functional area of responsibility. The candidate will assist in analyzing kinetic and non-kinetic threats and defensive cyber activities on DoD systems and make recommendations for JFHQ-DoDIN Commander action to protect the DoDIN. Analysis will evaluate operational information, intelligence assessments and reports, Computer Emergency Response Team, Law Enforcement/Counterintelligence, allied/coalition, and open-source information to assess potential impacts on the DoDIN and alert the JFHQ-DoDIN staff and leadership. At the direction of JFHQ-DoDIN leadership, the candidate shall maintain communications with JFHQ-DoDIN Components, cyber national mission force, cyber protection teams, Department of Homeland Security/NCSD, DoDIN service providers, other CERTS and Information Assurance Centers to identify threats. The analyst shall maintain visibility of events occurring both within U.S. government systems and internationally as directed to identify possible relationships to current and databased intelligence. The analyst must be capable of writing and briefing for senior executives (General/Flag Officer, SES, etc.).
· Produce and disseminate all-source integrated intelligence analysis to support DODIN and defensive cyberspace operations (DODIN/DCO-internal Defensive Measures) planning, integration, coordination, and execution. Assist in analyzing ongoing threat related activities and information targeting the DODIN and develop Joint Intelligence Preparation of the Operational Environment (JIPOE). Make recommendations for JFHQ-DODIN action to protect the DODIN.
· Provide all-source analytical support to DODIN/DCO to include production of cyber related Intelligence Estimates.
· Produce special reports and assessments related to specific incidents and trends concerning threats to the DODIN as required.
· Conduct analysis to identify indications of adversary activity and warn (Indications and Warning) leaders of potential threats, cyber developments, events or conditions that may adversely affect the DODIN; advising leaders in order to proactively confront emerging challenges, leverage opportunities, avoid surprise and produce strategic outcomes favorable to the U.S. or allied interests.
· Respond to the J2 for threat identification of activity directed against DoD systems.
· Evaluate international events, all-source and open-source intelligence, and operational information to assist in the assessment of potential impacts to the DODIN and alert the JFHQ-DODIN Staff and Leadership to potential network exploitation or attacks. Using these techniques and taking advantage of web-based research tools, match potential threat candidates with identified activity, produce reports and/or briefs, and make intelligence-derived recommendations to the J2/J3 for the defense of the affected network.
· Develop and present in-depth intelligence briefings and presentations concerning nation-state and non-state actor capabilities and activities, specific actor profiles, and incidents affecting DoD communications networks.
· Assist the J2 in the management of daily intelligence reports and bulletins and web sites on the classified networks.
· Maintain communications as directed by the J2, with intelligence representatives at JFHQ-DODIN, Service components, other Combatant Commands, Department of Homeland Security, National Infrastructure Protection Center (NIPC), Intelligence Community, Joint Staff J2/JCS, DODIN service providers, and other organizations as designated.
• Clearance: DoD TS/SCI and eligible for C/I Polygraph
• BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Analysis, Cyber Security, or another related field of study or equivalent 8+ years performing cyber threat intelligence analysis. 4+ years of additional related years of experience is accepted in lieu of a degree.
• Intelligence all-source analysis; Defense Intelligence Analysis Program; intelligence writing and briefing at a senior level is a must
• Ability to place threats in the proper context and identify the “so what” for decision makers; ability to communicate technical information to non-technical audiences
• Provide cyber threat characterization and indications and warning of threats to the DoDIN
• Provide intelligence support and assessments to joint military cyber plans (e.g., Annex B, JPGs, OPTs, etc.)
• Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask “why”, defend your analysis, and apply attribution to cyber threat activity
• Technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection
• Prepare detailed analysis reports, products, cyber threat assessments, and briefings of security incidents and related intelligence. Establishes criteria and assesses potential impacts of intrusions.
• Strong analytical and research skills with an extensive understanding of classified research tools and websites
• Familiar with the DoD, Intelligence Community, and private sector cyber community
• Strong understanding of the Intelligence Cycle
• Ability to write detailed and comprehensive cyber intelligence analytical products in a team environment
• Self-starter with the ability to engage with cyber intelligence analyst counterparts across the US Intelligence and cyber communities; lead and participate in working groups, conferences, etc.
• Demonstrated application of intelligence analysis and tradecraft through writing and presentation ability. Writing samples may be required.
• Ability to present analysis to large groups on a regular basis
• Demonstrated expertise using various intelligence and cyber GOTS/COTS analytical tools: Analyst Notebook, Palantir, TAC, M3, HOTR, Sharkseer, SIEM, Pulse, iSpace, etc.
• Demonstrated ability and flexibility to support planning and execution of military exercises involving cyber defense training objectives (Occasional surge/weekend hours and travel may be required)
• Strong working ability with all MS Office applications (Word, PowerPoint, Excel, Project, etc.)
• Demonstrated understanding of cyber advanced persistent threats, actors, infrastructure, and TTPs
• In-depth knowledge of cultural, social and political activities and threat conditions in foreign countries
• Formal training as an intelligence analyst or officer – graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, AirForce, etc.
• Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity
• Advanced Data Visualization proficiency leveraging COTS/GOTS tools
• Technical Skills proficiency: encryption technologies/standards
• Cyber security with cloud technologies, Wireless, IoT, etc.
• Existing Subject Matter Expert of Advanced Persistent Threat activity
• Understanding of defensive cyber operations to include incident response
• Experience with joint and combined military exercises
• Analyst experience in any Federal Cyber Center (NCTOC, IC-SCC, Cyber Command, CNMF, CPT, JFHQ-Cyber, NCIJTF, DHS US CERT) or Corporate CIRT
• Any type of cyber related law enforcement or counterintelligence experience
• Recent experience performing NETFLOW or PCAP analysis using analysis tools (Wireshark, SourceFire, etc)
• Experience using ArcSight, FireEye, or other SIEM tools
• Hold one or more of the below certifications:
- SANS: GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH)
- (ISC)² Certified Information Systems Security Professional (CISSP)
- CompTIA Advanced Security Practitioner (CASP)
- CompTIA Security+, Network+
- EC-Council Certified Ethical Hacker (CEH)