Cyber Threat Analyst

5 Year DoJ Contract | Chantilly, VA. Amatriot is seeking a Cyber Threat Analyst to support a Cyber Technical Analysis Unit in analyzing cyber intrusion activity, digital communications, host/network forensic artifacts, and supporting DoJ mission operations. This role focuses on cyber threat analysis, intrusion investigation, host-based forensic analysis, network traffic analysis, and attribution support within a highly sensitive operational environment. The ideal candidate will have experience analyzing Splunk data, conducting host and network forensic analysis, and using industry-standard forensic tools to identify malicious activity, recover artifacts, and support investigative operations.

• Process, evaluate, and analyze digital network communications and cyber threat data to identify malicious activity and support investigative operations.
• Conduct cyber intrusion investigations and perform end-to-end kill chain analysis across host and network environments.
• Perform host-based forensic analysis leveraging Splunk and standard forensic toolsets to identify indicators of compromise, attacker activity, persistence mechanisms, and unauthorized access.
• Analyze packet capture (PCAP) and Net Flow data to identify malicious communications, software usage, command execution, credential activity, and network-based indicators of compromise.
• Correlate digital artifacts—including IP addresses, URLs, malware indicators, system logs, and user activity—across multiple data sources to support attribution and investigative lead generation.
• Analyze encrypted and plaintext credentials, registry artifacts, rootkit activity, command‑line execution, and other system‑level forensic evidence.
• Draft detailed technical reports and analytical findings based on cyber investigations while participating in internal review and quality assurance processes.
• Support development and refinement of cyber analysis processes, CONOPS, SOPs, and investigative methodologies.
• Conduct open‑source and intelligence community research to maintain awareness of emerging cyber threats, malware trends, and adversary tactics, techniques, and procedures (TTPs).
• Collaborate with internal teams and mission partners across the intelligence community to support tactical and strategic cyber operations.
• Provide operational updates and analytical findings to leadership and investigative stakeholders.

• Active Top Secret Clearance required, with willingness and ability to obtain a Counter‑Intelligence (CI) Polygraph.
• BS/BA degree with 5+ years of relevant experience or 9 years with no degree. Advanced certifications, specialized training, or equivalent hands‑on experience may be considered in lieu of years of experience.
• Experience performing host-based forensic analysis utilizing Splunk.
• Experience analyzing network traffic, packet capture (PCAP), and Net Flow data.
• Hands‑on experience with industry‑standard forensic tools such as Splunk, EnCase, Magnet AXIOM, X‑Ways Forensics.
• Understanding of cyber intrusion methodologies, attacker kill chains, malware behavior, and forensic artifact analysis.
• Experience correlating threat indicators and investigative data to support attribution and operational analysis.