Dorrean

Cyber Threat Intelligence Analyst with Security Clearance

Dorrean Chantilly, VA

The duties for the Cyber Threat Intelligence Analyst performing Cyber Watch (CyWatch) operations include:

  • Perform advanced cyber threat analytics;
  • Perform network traffic analytics;
  • Perform data management;
  • Maintain distribution lists for situational awareness reporting, sharing and coordinating information across OGAs, and other external interested parties utilizing unclassified and classified systems to include JWICS and SCION;
  • Transfer data between enclaves;
  • Follow the set of SOPs that describe the duties of the watch;
  • Identify improvements to watch floor processes;
  • Coordinate cyber threats and incidents with other Federal cyber centers, the Cyber Division (CyD), Field Offices, the intelligence and Law Enforcement (LE) communities, and internally;
  • Participate in a cross Government cyber community that involves state, local, and Federal LE and the IC and coordinate internally with other Federal cyber centers regarding ongoing CyWatch priorities and activities, cyber incidents, and investigations as directed;
  • Monitor multiple communications nodes on unclassified and classified enclaves based on computer notification and information sharing applications; multiple telephonic communications circuits; other inter-and-intra-agency communications systems for reports concerning cyber centric advisories, threats and attacks;
  • Monitor multiple communication nodes for updates concerning previously reported threats, incidents, and advisories;
  • Provide research and basic analysis using multiple communication nodes as directed;
  • Maintain situational awareness of emerging and/or developing threats, cyber incidents, identification of cyber victims, open-source media for cyber priorities, supporting ongoing investigations and intelligence activities;
  • Analyze and respond to preliminary cyber threat information;
  • Provide primary assessments on cyber incidents as they come to the attention of the watch floor in order to prioritize and properly administer them;
  • Provide all-source analytical support to augment monitoring activities, critical technical collection and the development of preliminary analytical conclusions and reporting -- this includes using available resources and systems to provide and enhance threat information for incidents that are of interest;
  • Provide analytical support to augment field monitoring activities, critical technical collection and the development of preliminary analytical conclusions to facilitate the creation of and enhance an existing cyber investigation -- this includes using available databases and IT systems;
  • Provide additional information, for each incident that is of value, to the units that will handle the incident;
  • Receive, analyze, and interpret preliminary threat information (cyber and others deemed necessary to the mission).
  • Provide all-source situational awareness and reporting for developing threats, cyberattacks, and ongoing federal agency cyber centric responses;
  • Contribute to CyWatch ticketing/tracking systems.
  • Maintain situational awareness of developing threats, cyber-attacks, and ongoing Federal agency cyber centric responses;
  • Conduct open source research which consists of locating and collecting unclassified information on subjects of interest with all available resources for a specific topic or person/group that is made available by individuals or corporate entities for general or specific consumers for free or for a fee (as directed), whether in printed form or online from all available networks.
  • Research, prepare and deliver CyWatch products as directed including documentation preparation, writing, editing, and production coordination and graphics of CyWatch products;
  • Research CyWatch products as directed including documentation preparation, writing, editing, and production coordination briefings to executive management and participate in briefings in relation to current cyber threats, incidents, or investigations.
  • Perform closed source research utilizing internal systems as well as other IT systems;
  • Research on threats from network traffic datasets using multiple communication nodes (multiple network-based computer notification and information sharing applications; multiple telephonic communications circuits; other inter-and-intra-agency communications systems).
  • Maintain daily logs of email, phone calls, and in-person meetings, under the supervision of a Watch Commander or other assigned watch personnel.
  • Assist in the formulation of replies, responses, and further disseminations of threat information received.
  • Determine the status of existing victim notification.
  • Transfer data to the appropriate system of record.
  • Perform open source research on subjects.
  • Keep the victim entity files up-to-date.
  • Assist with documentation preparation.
  • Work with all expected teams to develop, maintain, and periodically update and test, an established COOP for CyWatch, to include relocating contracted personnel to the Cyber Division’s COOP site.
  • Participate in briefings in relation to current cyber threats, incidents, or investigations.
  • Provide user support to CyNERGY in an administrative role.
  • Enter data in CyNERGY, comparing it with data in the official system of record as well as other source documents originating from OGAs, ensure details match in an effort to prevent duplicate records, and provide quality control (QC) for the process.

Requirements:

  • Bachelor’s Degree
  • A minimum of four (4) years of relevant experience in a technical field with a cyber-nexus to the following:
  • All-source intelligence analysis experience supporting a USIC agency
  • Experience in intelligence disciplines; experience in SIGINT, FININT, and HUMINT collection analysis and operations supporting a USIC agency (examples: FBI, CIA, NSA, DIA, DHS or ODNI).
  • Experience in execution of social network analysis and structured analytical techniques.
  • Advanced level data exploitation capabilities including proficiencies in software applications, to include but not limited to, Microsoft Office Tool Suite, and other commercial analytical tools.

Equal Opportunity Employer/Veterans/Disabled


  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Business Consulting and Services
