Cyber Threat Intelligence Analyst
006-01-001 Washington, District of Columbia, United States Full time 006-01-001-00-5-000500 Are you interested in joining an amazing technical team providing cyber operations support to a variety of complex organizations? phia, LLC is seeking a highly skilled Cyber Threat Intelligence Analyst to join our team of qualified, diverse individuals supporting the US Department of Energy (DOE). DOE is responsible for the protection of vital national security information and technologies, representing intellectual property of incalculable value throughout nearly thirty sites and laboratories nationwide. This position is located in Washington, DC DUTIES: Collect, analyze and report on cyber threats and threat actors to support cyber operations Understand and analyze all sources of information (eg, INTs, open source, law enforcement and other government data) on a specific topic or target Provide tactical to strategic level analysis, including attribution of cyber actors; may use traditional or defined intel analysis techniques to do so Provide situational awareness of local, regional, and international cyber threats impacting relevant client missions and interests Produce all-source cyber intelligence analysis using various industry and government tools, available classified and unclassified data sets, and accepted methodologies for assessing network traffic Identify, investigate and analyze cyber events of intelligence significance Collect data, analyze results, and prepare intelligence products relating to cyber mission objectives Generate oral briefings, raw intelligence reports and finished intelligence products utilizing accepted Intelligence Community tradecraft and methodologies Support cyber operations designed to pursue anomalies or cyber threats on Information Technology or Information Control System networks Requirements REQUIRED QUALIFICATIONS: BA/BS in Intelligence, Computer Science, Information Security, or a related field or equivalent experience (two years of experience for each year of schooling) 4-12+ years of experience working in the areas of intelligence, cyber information security, hunt, cyber operations, network forensics, insider threat, etc. Possess analytical skills to make efficient and acceptable decisions Experience analyzing classified/close source, commercial and open-source intelligence feeds, adding context, and sharing key findings through executive briefings Effective oral and written communication skills to interact with stakeholders and other teams Experience interpreting and producing intelligence reports All source including cyber intelligence analysis experience Must be highly motivated with the ability to self-start, prioritize assignments, and work in a collaborative team environment Active Top Secret or Q clearance with an investigation within the last 5 years (sponsorship opportunities available for highly qualified candidates) PREFERRED QUALIFICATIONS: Active DOE Q SCI, DOD Top Secret/SCI or higher clearance 10+ years of related technical experience working in cyber operations, threat intelligence or analysis Knowledge in incident response with experience in threat analysis Knowledge and understanding of the MITRE ATT&CK framework with associated tactics, techniques and tools for attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc. Experience researching events in multiple network and host-based security applications Proven experience with data correlation and analysis experience between multiple intelligence source feeds, a Threat Intelligence Platform (TIP) (eg Analyst Platform, Anomali, Threat Connect, etc.), and Splunk/Elastic to conduct data analysis to identify trends and patterns Be able to demonstrate knowledge on how to enable indicator detection at every point along the kill chain CERTIFICATIONS: one or more preferred - GCIH, GCFE, RHCE, CPTE, or CEH MA/MS in computer science, information security, or a related field or equivalent experience Experience with coding in python, PowerShell, etc. WORK SCHEDULE: Core Hours (8am-5pm; start/end time flexible) WORK LOCATION: Washington, DC TRAVEL: TELEWORK ELIGIBILITY: Pandemic rotating schedule one week onsite; two weeks offsite; normal operations ad-hoc with approval SECURITY REQUIREMENTS: DOE Q Clearance / DoD Top Secret; Current SCI desired. Must have had a valid investigation within last 5 years COMPANY OVERVIEW: phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer's missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities. phia offers excellent benefits for full time W2 candidates to enhance the work-life balance, these include the following: Medical Insurance Vision Insurance Life Insurance Short Term & Long-Term Disability 401k Retirement Savings Plan with Company Match Paid Holidays Paid Time Off (PTO) Tuition and Professional Development Assistance phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.