As a Cyber Security Officer (CSO) for the CIA, you will protect Agency data and systems using sophisticated tools, instrumentation, and knowledge of CIA Information Technology (IT) and tradecraft to monitor, evaluate, and manage IT risk. You will identify current threats, mitigate vulnerabilities, and anticipate future cybersecurity challenges. Utilizing new technologies, you will increase the security of our existing and emerging IT systems.
Your career as a CSO will progress through tours of duty where you will apply and develop a broad range of technical, leadership, resource management, and communication skills. Senior positions for Subject Matter Experts with advanced levels of knowledge in specific cyber specialities exist. As an advanced level CSO, you will lead business areas/activities and be responsible for managing a diverse range of cyber security projects. You will ensure the development, deployment, operations, implementation and support of component information systems that are consistent with cyber security policies and procedures. You will also have leadership opportunities to supervise and manage employees, develop and manage a budget according to established strategic priorities, and represent your program area to senior officials at the Agency and the Intelligence Community.
As as CSO you will do the following work to support customers within the Agency:
- Analyze existing and future systems across the Agency, review security architectures, and develop engineering solutions that integrate information security requirements to proactively protect information
- Perform audit and security compliance checks, including network penetration testing, vulnerability scans, and other configuration analysis
- Conduct Computer Incident Response Team (CIRT) activities, including forensic analysis and review and assessment of security events and logs via sophisticated cyber security /event management tools
- Implement and support network defense, identification/authentication/access control, data protection mechanisms, and data transfer mechanisms
- Develop threat models and security risk assessments, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats
- Review and validate security documentation, including the system security requirements definition and System Security Plans
- Implement security designs in hardware, software, data and procedures
- Provide guidance to Agency customers on CIA’s and Intelligence Community’s information security policies and regulations
Most positions are located in the Washington, DC metropolitan area, but opportunities to serve overseas exist as your career and abilities develop.
Offices of the CIA – Directorate of Support
The Directorate of Support (DS) provides everything the CIA needs to accomplish its critical mission of defending our nation. The DS provides business operations support to Agency components including all aspects of security, logistics, facilities, finance, education, medical services and human resources. Learn more about the Directorate of Support.
See our work in action:
Life at CIA
In addition to a comprehensive benefits package, the CIA offers exciting career opportunities and a dynamic environment. We’re on the forefront of world-altering events – as they happen. So working here isn’t just a job, it’s a mindset and a lifestyle.
US citizenship required (dual-national US citizens eligible). All positions require relocation to the Washington, DC metro area.
- Bachelor’s degree in one of the following fields or related studies:
- Information Assurance
- Cyber Security
- Computer Science
- Computer Engineering
- Other related engineering fields
- Or, relevant verifiable work experience
- GPA of at least 3.0 on a 4-point scale is preferred, but exceptions may be made for extenuating circumstances
- Excellent verbal and written communication skills
- Strong commitment to continuous learning
- Ability to work both independently and in a team environment
- Track record of progressively responsible cyber experience in one or more of the following information security areas:
- Networks, operating system, application-layer, and cloud security expertise
- Hunt operations for malicious actors
- System evaluations
- System security penetration testing
- Big-data cyber analytics
- Security operations/network monitoring
- Security information management/security event management
- Network mapping
- Vulnerability scanners, firewalls, routers and other security tools
- Working knowledge of public key infrastructure and encryption systems
- Experience working on a cyber security incident response team
- Professional certifications
All applicants must successfully complete:
- A thorough medical and psychological exam
- A polygraph interview
- A comprehensive background investigation
To be considered suitable for Agency employment, applicants must generally not have used illegal drugs within the last 12 months. The issue of illegal drug use prior to 12 months ago is carefully evaluated during the medical and security processing.