|Must be a US Citizen who currently possesses a TS/SCI and eligible for C/I Polygraph.|
J23 – Cyber Intelligence Watch Officer (shift work)
The Cyber Intelligence Watch Officer will support the JFHQ-DODIN J2 providing 24 x 7, 365 day-a-year intelligence analysis support, producing and disseminating all-source integrated intelligence analysis to support DoD's Defensive Cyber Operations.
- Support all watch officer shift rotations (day/night) as required in a 24X7 work environment.
- Produce and disseminate all-source integrated intelligence analysis to support DODIN and defensive cyberspace operations (DODIN/DCO-internal Defensive Measures) planning, integration, coordination, and execution. Assist in analyzing ongoing threat related activities and information targeting the DODIN and develop threat assessments. Make recommendations for JFHQ-DODIN action to protect the DODIN.
- Review threat intelligence and open source reports and document their impact to DODIN operations. Provide all-source analytical support to DODIN/DCO to include production of cyber related Intelligence reports and products.
- Produce special reports and assessments related to specific incidents and trends concerning threats to the DODIN as required.
- Conduct analysis to identify indications of adversary activity and warn (Indications and Warning) leaders of potential threats, cyber developments, events or conditions that may adversely affect the DODIN; advise leaders in order to proactively confront emerging challenges, leverage opportunities, avoid surprise and produce strategic outcomes favorable to the U.S. or allied interests.
- Respond to the J2 for threat identification of activity directed against DoD systems.
- Evaluate international events, all-source and open-source intelligence, and operational information to assist in the assessment of potential impacts to the DODIN and alert the JFHQ-DODIN Staff and Leadership to potential network exploitation or attacks. Using these techniques and taking advantage of web-based research tools, match potential threat candidates with identified activity, produce reports and/or briefs, and make intelligence-derived recommendations to the J2/J3 for the defense of the affected network.
- Develop and present intelligence briefings and presentations concerning nation-state and non-state actor capabilities and activities, specific actor profiles, and incidents affecting DoD communications networks.
- Assist the J2 in the management of daily intelligence reports and bulletins and web sites on the classified networks.
- Maintain communications as directed by the J2, with intelligence representatives at JFHQ-DODIN, Service components, other Combatant Commands, Department of Homeland Security, US CERT, Intelligence Community, Joint Staff J2/JCS, DODIN service providers, and other organizations as designated.
- Clearance: DoD TS/SCI and eligible for C/I Polygraph .
- BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Analysis, Cyber Security, or another related field of study or equivalent 5+ years performing cyber threat intelligence analysis.
- Intelligence all source analysis; Defense Intelligence Analysis Program; intelligence writing and briefing at a senior level. Ability to place threats in the proper context and identify the "so what " for decision makers; ability to communicate technical information to non-technical audiences.
- Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask "why ", defend your analysis, and apply attribution to cyber threat activity.
- Basic technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types).
- Familiar with the DoD, Intelligence Community, and private sector cyber community.
- Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity. Advanced Data Visualization proficiency leveraging COTS/GOTS tools.
- Technical Skills proficiency: encryption technologies/standards.
- Cyber security with cloud technologies, Wireless, IoT, etc.
Experience with joint and combined military exercises. Analyst experience in any Federal Cyber Center (NCTOC, IC-SCC, Cyber Command, CNMF, CPT, JFHQ-Cyber, NCIJTF, Client US CERT) or Corporate CIRT.
Any type of cyber related law enforcement or counterintelligence experience. Recent experience performing NETFLOW or PCAP analysis using analysis tools (Wireshark, SourceFire, etc).
Experience using ArcSight, FireEye, or other SIEM tools.
Security certifications (one or more): Security+, CEH, GIAC, GCIH, etc.