CS2 Consulting

Computer Forensic & Intrusion Analyst (Journeyman)

US-MD-Hanover
3 months ago
ID: 2017-1277
# of Openings: 1
Category: Information Technology

Overview

Position Description: The selected candidate will serve as a Linguist Analyst in the Defense Cyber Crime Center - Analytical Group (DC3-AG). The candidate will use their language skills to provide translation and analytic support in a team environment focused on cyber threat actors/activity. The candidate will author and review intelligence products by applying their linguist skills, cultural knowledge and technical abilities. Additionally, the candidate will be expected to collaborate with analysts and agents from the FBI, various other Intelligence Community agencies, and the Defense Criminal Investigative Organizations (AFOSI, NCIS, CID, DCIS) on a regular basis. The candidate will rely heavily on their experience serving in past roles in Computer Network Operations, Law Enforcement/Counterintelligence, or Intelligence Community mission focused organizations. The selected candidate should be comfortable writing documents up to 60 pages in length. Only candidates with current active DoD TS/SCI will be considered.

Alliant LCAT Description: Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable.

Suggested Qualifications: 13 years of professional experience without a degree; or 5 years of professional experience with a Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education; or 3 years of professional experience with a related Master's degree; or no experience required with a related PhD or JD. Consideration should always be given for the level of specific domain expertise.

Responsibilities

Secret Clearance Required

Qualifications

Required Skills:
• BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence analysis, Cyber Security or another related field of study or equivalent 3+ years performing cyber threat intelligence analysis.

• Candidate must have a strong all-source intelligence or counterintelligence background with 5+ years of experience serving in an analyst or agent role. Pertinent skills or experience include persona development, HUMINT targeting, support to law enforcement or counterintelligence investigations, Open Source Intelligence (OSINT) collection, Social Media/Social Networking analysis.

• Candidate must have a high proficiency with the Mandarin language with a DLPT (or equivalent test) score of R3/L3 or better within the last 4 years.

• Candidate must have knowledge of cyber terminology, tools, and concepts.

• Candidate must have a strong analytic writing ability and be able to provide a writing sample demonstrating the ability to produce and edit analytic products. Candidate must have at least 2 years of experience writing intelligence analysis products within the last 5 years. A technical writing sample and technical editing test will be required if the candidate has not previously authored published intelligence analysis products.

• Strong ability to apply formal intelligence analysis methods, develop hypotheses, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity. Candidate must be able to make confidence-based assessments and be able to identify analytic bias.

• Basic to intermediate technical skills proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection). A Security+ certification or equivalent training will satisfy this.

• The candidate should have the ability to build intrusion related data visualizations and perform analysis (i.e., using I2 Analyst Notebook, Netviz, Palantir, etc.).

• Strong understanding of US Intelligence Community and how cyber intelligence organizations work together.

• Strong ability to present information and analysis to groups up to 50 persons on a quarterly basis. Candidate will be required to brief smaller groups up to 10 persons on a weekly basis.

• Candidate must be a self-starter with the ability to proactively engage and develop relationships with subject matter experts and analyst counterparts across the US Intelligence and Law Enforcement communities.

Desired Skills:
• Experience building persona development products within the LE/CI or Intelligence Community
• Expertise in assessing sources using the PAMSSA method
• Formal training as an intelligence analyst in any discipline – graduate of USG intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc.
• Formal Law Enforcement/Counterintelligence training: i.e., FLETC, JCITA, etc.
• Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity
• Certifications (any): CISSP, CEH, Security+, SANS certification(s), Network+, CCNA 
• Advanced NETFLOW and PCAP Analysis 
• Advanced Data Visualization proficiency leveraging COTS/GOTS tools 
• Technical Skills proficiency: encryption technologies/standards 
• Intermediate malware analysis or digital computer forensics experience 
• Any type of Cyber related Law Enforcement or Counterintelligence experience 
• Existing Subject Matter Expert of Advanced Persistent Threat activity
• Experience using GOTS, COTS/Open Source tools: i.e., NOEISIS, Novetta Cyber Analytics, Mitre ChopShop and/or ARL DSHELL
• Analyst experience in Federal Cyber Center or Corporate CIRT
