Work Location: Huntsville, AL
Roles & Responsibilities: Full Time Exempt position
The Cybersecurity Intelligence Analyst III Task Lead serves as a Cybersecurity functional expert and team leader in support of DOT&E missions pertaining to operational assessments of DoD warfighter platforms and networks. They will support Cybersecurity and Electromagnetic Activities (CEMA) being conducted by SA-TECH's customer, as well as the development of associated cyber threat mitigation strategies and countermeasures, procedures, methodologies, capability needs and resourcing. This support may extend to providing subject matter expertise to Cybersecurity Assessment Program (CAP) evaluations being executed during Joint and Service Training exercises. This position will involve analysis and heavy data mining relative to cyber threat TTP identification and employment during platform assessment missions. These efforts will ultimately support the enhancement of assessed platforms' overall cyber resiliency.
Candidates must have a solid foundation and advanced knowledge of signals intelligence analysis (specifically electronic intelligence), cybersecurity principles, Information Assurance policy, compliance requirements, and related network security measures, including but not limited to Protect, Detect, React, Restore and Resilience metrics.
Candidates must be competent in the application of Cybersecurity T&E Guidebook procedures to all network, C4ISR, weapons platforms, etc. from Sensor to Shooter.
Candidates must also be able to apply the six phases of the Guidebook to operational assessments on warfighting platforms and networks (both closed and open).
These phases include:
- Understand the Cybersecurity Requirements
- Characterize the Attack Surface
- Cooperative Vulnerability Identification
- Adversarial Cybersecurity DT&E and TTPs
- Cooperative Vulnerability and Penetration Assessment
- Adversarial Assessments

A particular appreciation of potential mission impacts is essential. Experience must include knowledge of Blue, Grey, and Red Threat and Network environments. Must have experience in translating customer weapon system requirements to CEMA and cyber resiliency operational assessment plans and measures. Practiced familiarity with integration of emerging cybersecurity technologies into multiple systems, penetration testing, cyber forensics, system security engineering, and vulnerability mitigation strategies to reduce advanced persistent cyber-attack risk is desirable as well.
Applicant shall possess strong problem-solving, analytical, communication and interpersonal skills and have solid knowledge or experience in several of the following areas:
- Versed in Cyber Threat Actor Tactics, Techniques and Procedures (TTPs)
- Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency.
- Deep understanding of the Cyber Kill Chain and applicable analytic models such as the Diamond Model
- Data mining that supports threat assessment development
- Development of analytical products and reports
- Network and Internetwork Routing
- Domain Name System protocol and architecture
- How an Antivirus program works
- How an Intrusion Detection System works
- How exploitation, implants, and beacons work
- Building effective communications to explain complex technical information to wider audiences
- Effective writing skills
Work and operate in a TS/SCI and SAP/SAR environment (Sensitive Compartmented Information Facility (SCIF))
Normal work days are Monday through Friday. Office hours are typically 8am-5pm.
Travel < 20%.
- Bachelor of Science (B.S.) or Bachelor of Arts (B.A.) degree and eight (8) years' analysis experience, either in DoD or the IT industry, OR a high school diploma or GED plus twelve (12) years of relevant experience
- Associate's degree plus ten (10) years of highly relevant experience is acceptable
- Degrees in technical fields (e.g., computer science, statistics, mathematics, engineering, cybersecurity) are preferred, but a B.A. or A.A. in a liberal arts field (Communications, Languages and Cultures, International Relations, and Political Science) is also acceptable
- Strong background in DoD fusion/all-source intel, particularly as the discipline pertains to Electronic Warfare (EW) and/or ELINT
- Relevant experience must be in threat, intelligence, or traffic analysis (preferably in the military or IC).
- Proven experience in leadership and supervisory duties in a Cyber Threat environment
- Basic coding in scripting languages such as Python, R, or Ruby
- Calculating statistical significance and principal component analyses
- Basic Scripting for the GHOSTMACHINE environment
- Leveraging LABBENCH + Jupyter to interface with GMAE
- TCP/IP: three-way handshake, reconstruction
- One of the following certifications: GCED, GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GCIH, CCFP, CCSP, CISSP, CSIH, CHFI, LPT, ECSA, OSCP, OSCE, OSWP, OSEE, EnCE
- Current Driver License.
- U.S. Citizenship.
- Must Currently Possess Top Secret/SCI
- All candidates will be required to pass a consumer report and/or consumer investigation to include SSN, Driver Record, Credit, and Criminal Background Investigation.
All responses will be handled with strict confidentiality.
Systems Application & Technologies, Inc. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.