Job Description: Cyber Intelligence SME
XOR Security is currently seeking several talented Cyber Intelligence Analyst to support an Agency-level Security Operation Center at DHS. This program provides targeted threat monitoring and response capabilities requiring analysts to have advanced levels of experience in security event monitoring, incident response, malware analysis and reverse engineering, cyber intelligence, insider threat, penetration testing, and fusion analysis (skills in more than one cyber discipline are preferred). The positions will respectively focus on Cyber Intelligence analysis. To support this vital mission, XOR staff are on the forefront of providing Advanced Analytics, Cyber Threat Emulation, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with cyber intelligence analysis, intrusion set/APT actor attribution, intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, big data analytics, and cyber ticketing management.
- Experience collecting, analyzing, storing, reporting, maintaining, and applying information pertinent to security investigations and incidents in a form that can support current and/or future analysis, situational awareness, and law enforcement investigation efforts.
- Experience monitoring and collecting cyber intelligence from FOUO, Open Source, and Classified (S/TS/SCI) sources of threat data.
- Assess the potential risks it may present to the TSA network infrastructure from threat actors.
- Advise on the implementation of protective measures on the TSA network security infrastructure to mitigate against the threats identified.
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Minimum of 5 years of specialized experience in one or more of the following areas: Cyber Intelligence Analysis, Email security, Digital media forensic, Monitoring and detection, Incident Response, Vulnerability assessment and Pen Test
- Currently cleared at SECRET and can be cleared to the TOP SECRET/SCI level preferably with a DHS-agency EOD.
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage) and Hunting (Attribution, Targeting)
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
- Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent.
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
- Extensive experience analyzing and synthesizing information with other relevant data sources, providing guidance and mentorship to others in cyber threat analysis and operations, evaluating, interpreting, and integrating all sources of information, and fusing computer network attack analyses with counterintelligence and law enforcement investigations.
- Ability to work on-call for escalated cyber security incidents.
- Must have at least one of the following certifications: SANS GIAC: GCED, GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON or GCIH ISC2 CCFP, CCSP, CISSP CERT CSIH EC Council: CHFI, LPT, ECSA, Offensive Security: OSCP, OSCE, OSWP and OSEE EnCase: EnCE Dod 8570: IAT L3, CNDSP Analyst or IR Carnegie Mellon: CCSIH
- Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats
- Ability to read and interpret PCAP data, experience with malware analysis
- Support the operational planning and development of cyber threat emulation, cyber hunt, and tactical operations.
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and SECRET CLEARANCE REQUIRED.