is currently seeking talented Cyber Threat Intelligence Analyst’s to support one of our premier clients. To support this vital mission, XOR staff is on the forefront of providing T1-T3 CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security and resiliency of USP SOCs critical operations, we are seeking Cyber Intelligence Analyst’s with diverse backgrounds in incident handling, focused operation, targeting and attribution of threat actors. Previous experience in providing cyber threat intelligence support is highly desired.The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally the ideal candidate would be familiar with intrusion detection systems, netflow analysis, security information event management platforms, and cyber ticketing management.
Strong written and verbal communications skills are a must.
BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Studies, Cyber Security or another related field of study or equivalent 3+ years performing technical cyber threat intelligence analysis.
Strong technical skills proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch) and open source information collection. Candidate must have a thorough understanding of Domain Name Service records.
Strong knowledge of Cyber Threat Intelligence principles to include indicators of compromise (IOC) types, indicator pivoting and indicator attribution strength.
Strong understanding of US Intelligence Community and how cyber intelligence organizations work together for purposes of conducting cyber threat analysis
Strong proficiency and recent experience (within last 3 years) performing NETFLOW and PCAP analysis using common analysis tools (examples include Wireshark, Splunk, ChopShop, Dshell, Network Miner, Moloch, etc). Candidate must be strongly proficient at sessionizing PCAP data, identifying and decoding protocols, extracting files, and applying standard filters such as Berkley Packet Filter (BPF).
Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
Strong or Intermediate ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity. Candidate must be able to make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis. Candidate must be able to identify analytic bias.
Intermediate ability to build intrusion related data visualizations and perform analysis (i.e., using I2 Analyst Notebook, Netviz, Palantir, etc)
Intermediate ability to present technical information and analysis to groups up to 50 persons on a quarterly basis. Candidate will be required to brief smaller groups up to 10 persons on a weekly basis.
Self-starter with the ability to proactively engage and develop relationships with intrusion set subject matter experts and analyst counterparts across the US Intelligence and Law Enforcement communities
Chinese Mandarin language, ILR 3/3 level of general proficiency (or equivalent certified language training standard) with a test date in the last 3 years
Formal training as an intelligence analyst in any discipline
Graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc
Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity
Certifications (any): CISSP, CEH, Security+, SANS certification(s), Network+, CCNA
Advanced NETFLOW and PCAP Analysis
Advanced Data Visualization proficiency leveraging COTS/GOTS tools