Cyber Threat Analyst - Arlington, VA

Job Description

ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans, Transitioning Military, National Guard and Reserve Members, Military Spouses, Wounded Warriors, and their Caregivers. If you have the required skill set, education requirements, and experience, please click the submit button and follow the next steps.

All positions are onsite, unless otherwise stated.

Position Title: Information Technology Specialist (INFOSEC)
Series & Grade: GS 2210 13
Promotion Potential: GS 14
Agency: Department of Homeland Security
Organization: Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division (CSD), Joint Cyber Defense Collaborative (JCDC)
Location: Arlington, VA (and other locations as determined by the agency)
Clearance: TS/SCI (ability to attain)
Who May Apply:

• Veterans with a 30% or more service-connected disability rating
• Individuals eligible under Schedule A (5 CFR 213.3102(u))

Summary
This position is located in the Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division (CSD), Joint Cyber Defense Collaborative (JCDC). CISA is the Nation's risk advisor, working with partners to defend against today's threats and to build more secure and resilient infrastructure for the future.
CSD leads cybersecurity efforts for CISA as the Nation's flagship civilian cyber defense organization. Within CSD, the JCDC brings together Federal, State, local, Tribal, territorial, international, and private sector partners to enable joint cyber defense planning, real time collaboration, and shared response to significant cyber risks and incidents.
As an Information Technology Specialist (INFOSEC), you will serve as a senior cyber defense incident responder and analyst. You will plan and implement advanced cyber defense capabilities, lead incident response activities, and conduct time sensitive enrichment and analysis of diverse cyber threat and telemetry data in support of JCDC operational priorities.

Duties:
As an Information Technology Specialist (INFOSEC), GS 2210 13, you will:

• Implement higher level IT security requirements resulting from laws, regulations, and Presidential directives, and integrate security controls and practices across IT and cybersecurity disciplines.
• Define the scope and level of detail for IT security plans and policies that govern CISA and JCDC security programs, ensuring alignment with agency wide cyber defense strategies.
• Develop long range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities across diverse environments.
• Review proposed new systems, networks, and software designs for potential security risks and resolve integration issues related to the implementation of new capabilities within existing infrastructures.
• Lead implementation activities for new security capabilities, institute measures to ensure awareness and compliance, and identify the need for changes based on evolving technologies and threats.
• Review and evaluate security incident response policies and procedures and recommend improvements to enhance organizational readiness and response.

Cyber Defense Incident Response and Analysis

• Serve as a primary cyber defense incident responder, coordinating and providing expert technical support to enterprise wide cyber defense personnel to resolve cyber incidents.
• Perform cyber defense incident triage, including determining scope, urgency, and potential operational impact; identifying specific vulnerabilities or attack vectors; and recommending remediation actions to enable rapid response.
• Conduct real time incident handling, including forensic collection, intrusion correlation and tracking, threat analysis, and direct system remediation in support of deployable Incident Response Teams (IRTs).
• Correlate and analyze security relevant events from multiple sources (such as network activity, host-based telemetry, log analysis, alerts, and threat intelligence) to determine the nature, scope, and impact of cyber threats and attacks.

Threat Intelligence Enrichment and Data Driven Analysis (JCDC Focused)

• Investigate and operationalize partner shared cybersecurity insights, unique cyber threat intelligence, and network/host telemetry into actionable outcomes, recommendations, and products in support of JCDC operations.
• Contextualize and enrich technical indicators (such as IP addresses, domains, file hashes, and adversary tactics, techniques, and procedures) using:
  • Open source and commercial data sources requiring research, data correlation, and technical analysis skills;
  • Structured analytic frameworks and methodologies for threat intelligence and adversary behavior mapping;
  • Internal data holdings, including network flow analysis, asset management, and intelligence reporting.
• Identify anomalies in network and host data and determine which systems may be vulnerable…