Cyber Threat Analyst
Washington, DC, United States
JOB DESCRIPTION:
Plan, implement, respond and monitor security measures for the Federal Reserve System. Comply with security polices to ensure controls are accurate and in place to safeguard the customers security infrastructure. Lead in the creation of documents that integrate threat intelligence reports, open source analysis, and Federal Reserve System information to communicate the aggregated results to people who need to know the results (e.g., government decision-makers, security officials, senior corporate officials)
ROLE AND RESPONSIBILITIES:
• Ability to work with little direct oversight
• Excellent organizational skills; able to actively track and prioritize issues and inquiries
• Ten years of experience in performing, technical research and intelligence analysis for the U.S. Government
• Solid experience in areas such as:
• Network and/or operating system security;
• Computer network intrusion detection/prevention systems;Firewalls; IT network-based attack methodologies and tools;Security operations and incident response technologies and methodologies
• Highly developed research and analytical skills to work with data and pinpoint statistically significant patterns related to cyber threats
• Attention to detail
• Forward thinking, e.g. “What would I do next if I were the attacker”
• Strong presentation skills, as the Key Personnel will be expected to brief others on findings and recommendations
• Solid teamwork skills, including the ability to collaborate with others who are conducting research in the same, similar, or different areas
• Excellent writing/communication skills
• Interagency Team skills include:
• Packet capture (TCP, IP, UDP) and packet analysis including knowledge of networking protocols and ports and the tools used to perform this type of work (e.g. TCPDUMP, WireShark, SNORT, YARA, SPLUNK etc.)
• Knowledge of network segmentation, protocols, and ability to identify networks
• Knowledge of cryptography (TLS, SSL, WEP, RC4 and file level encryption (e.g., “When are you likely to see RC4 in use and when would it be an indicator of compromise?”) and knowledge of cryptanalysis
• Expert level knowledge of Windows command shell and command; Windows operating system
• Knowledge of UNIX and Mac operating systems
• Expert level knowledge of *nix command shell s and commands
• Knowledge of file types and HEX signatures if common file types
• Working knowledge of common vulnerabilities and penetration tools, RATS, etc. to determine level of expertise and capabilities of the threat
• Knowledge of malware types, composition, capabilities and reverse engineering
• Certifications such as ethical hacker, penetration tester, SANS GIAC, etc.
• Ability to identify attack surfaces using open source intelligence
• Ability to identify exploitable vulnerabilities
QUALIFICATIONS AND EDUCATION REQUIREMENTS:
• TOP SECRET w/ SCI required
• Ten years of experience in performing cyber threat analysis for the U.S. Government
• Bachelor's degree in Computer Science, Information Systems, or another related field
• Understand and discuss at least six of the following concepts: analytic tradecraft standards, cyber kill chain, diamond model, advanced persistent threat, cybercrime, hacktivism, cyber fraud, malware and ransomware, social engineering, incident response, threat intelligence, and host and network-based security.
• Advanced understanding of intelligence tools and their capabilities
• Ability to maximize applicability of the tools to identify relevant and timely intel
• Understanding of payment systems, markets, and the financial sector
• Understanding of Corporate and government technology (networks, hardware, software, operating systems, etc.)
• Cybersecurity tools / perspectives (defensive, investigative, analytical, risk, etc.)
• Advanced threat actions, tactics, techniques, and procedures
• Experience with continuing operations during a cyber or other incident response
REQUIRED CERTIFICATIONS:
Must have at least one of the following:
• CISSP (Certified Information Systems Security Professional)
• Security+
• ISSEP (Information Systems Security Engineering Professional)
• GIAC (Global Information Assurance Certification)