Threat Operations Analyst with Security Clearance

---

Job description

Duties The joint duty assignment will serve a role as an analyst on CISA's Cybersecurity Division (CSD)- Joint Cyber Defense Collaborative (JCDC) - Chief of Ops Office(COP) Analytical and Triage team. The analyst will participate on a team responsible for the initial triage and analysis of International, Federal, Industry, State Local Tribal Territorial partner shares of cyber information. Analysts will act as SMEs during technical exchanges with partners, for scoring of CSD and JCDC operational priorities based on available information, and for sharing back information that has been enriched from CISAs holdings. Requirements Conditions of Employment Must be a current permanent Federal employee Must have supervisory approval to apply to the Joint Duty Assignment. DHS 250-2 Application Form under "required documents" section. Must NOT have any pending/outstanding disciplinary actions Must have achieved a minimum of "meet expectations/proficiency" on latest performance appraisal/evaluation Must be currently at the grade level of the detail. No Temporary Promotion Opportunity The program does not apply to members of the Military service or contractors. Qualifications Qualifications required: Access to a SCIF Combined 7+ years' experience in any number of cybersecurity fields (preferably network, host, and intelligence analysis) Strong network-based analysis and analytic discovery skills (e.g., knowledgeable about common network/security protocols HTTP, SSL, SSH, DNS/secure DNS, etc. , including ability to identify normal vs. abnormal behavior) Familiarity with host-based anomaly detection (e.g., have basic understanding of what normal process trees look like, vs. malware injection into a process, etc.) Experience connecting open-source information with network and/or host-based anomalies (e.g., identifying cyber threat intelligence about suspicious processes, finding new insights through tools such as VirusTotal, understanding of how to find threat intelligence about malformed HTTP traffic, etc.) Hands-on experience with open-source cyber threat/related tools (e.g., VirusTotal, Maltego, Shodan, exploit-db, etc.) Familiarity working with public/purchased Cyber Threat Intel (CTI) feeds/data (e.g., Crowdstrike reporting, GreyNoise, RecordedFuture, Palo Alto Xpanse, or others) Excellent time-management skills with the ability to work in a collaborative team on a common project/event, as well as on your own. Excellent mission documentation skills; familiarity with ServiceNow, Confluence, and JIRA is a plus. Comfort to autonomously engage with others across the Agency/organization to obtain relevant information in support of unique mission needs. Familiarity with Red Teaming / Cyber exploitation concepts (e.g., killchain, MITRE ATT&CK, common hacker tools such as Metasploit/Meterpreter, Kali linux, etc.) Ability to code/script simple programs and functions in Python, bash, powershell, etc., to enable analytic triage and automation. Familiarity with Amazon AWS/S3, Jupyter Notebooks, and experience using specific CTI APIs is a plus; fusing multiple mission-relevant data streams is a highly desired. Broad familiarity with the tactics, techniques, procedures (TTPs) of nation-state and/or ransomware actors is desired; specialization in key nation-state intel a plus. Excellent technical reasoning skills / considers analysis of competing hypothesis (ACH) / values quality over quantity / proactive & self-starting approach to work. Please read the following important information to ensure we have everything we need to consider your application: It is your responsibility to ensure that you submit appropriate documentation prior to the closing date. Your resume serves as the basis for qualification determinations and must highlight your most relevant and significant experience as it relates to this Joint Duty assignment opportunity announcement. Be clear and specific when describing your work history since human resources cannot make assumptions regarding your experience. Your application will be rated based on your resume. Please ensure EACH work history includes ALL of the following information: Job Title (Include series and grade of Federal Job) Duties (Be specific in describing your duties) Name of Federal agency Supervisor name, email, and phone number Start and end dates including month and year (e.g. June 2007 to April 2008) Education EDUCATIONAL SUBSTITUTION: There is no educational substitution for this position. Additional information DHS does not offer any additional benefits beyond that which the Federal employee is already receiving. If the position requires a security clearance, employees must have a SECRET or TOP SECRET clearance to placement AND must maintain that level of clearance while performing in the position. Selected applicants for a JDA are requested to fulfill the items below during the JDA: Complete the DHS Training Course 15 days prior to the arrival to the JDA. Complete the DHS Joint Duty Assignment Progress Plan to include: Phase 1: Establish assignment objectives within the first 30 days of the JDA. Phase 2: Complete a self-assessment of the duties performed at the mid-point of the JDA. Phase 3: Complete a final review within the last 30 days of the JDA. How You Will Be Evaluated You will be evaluated for this job based on how well you meet the qualifications above. We will review your resume and supporting documentation to ensure you meet the basic qualification requirements. If you meet the minimum qualifications, your experience, education, and training will be rated using a job questionnaire based on the competencies or knowledge, skills, and abilities needed to perform this Joint Duty Assignment. If you are among the best qualified, you may be referred to the hiring manager for consideration and may be called for an interview. After reviewing your resume and supporting documentation, a determination will be made. You must submit the supporting documents listed under the required documents section of this announcement. Note: DHS continues to take necessary steps to keep our workforce safe amid the COVID-19 pandemic. If you receive a final Joint Duty Assignment offer to onboard, please complete the onboarding requirements and/or forms and submit them electronically in an expeditious manner. Your start date may be delayed if the action above is not completed. Required Documents 1. Resume: Do not include any personally identifiable information (PII) i.e., home address, social security number, or date of birth. Your resume must clearly demonstrate you have experience which meets the requirements of this position as outlined in the "Qualifications" section. 2. SF-50: Submit a copy of your official SF-50 (no text version) or other official "Notification of Personnel Action" document which shows the following information: Your appointment in the Federal service Tenure Grade and Step Full performance level If your SF-50(s) does not provide the information needed to make a final determination for qualification, you will be found ineligible for the position. 3. DHS Joint Duty Assignment Application Form signed by your supervisor. Please click on the following link to access the required form DHS Form 250-02 . How to Apply All applicants are encouraged to apply online. To apply for this position, you must complete the questionnaire and submit the documentation specified in the Required Documents section. The complete application package must be submitted by 11:59 PM (ET) on 10/10/2024 to receive consideration. To begin, click Apply Online to create a USA JOBS account or log in to your existing account. Follow the prompts to select your USA JOBS resume and other supporting documents, and complete the questionnaire. Click Submit My Answers to submit your application package. NOTE: It is your responsibility to ensure your responses and appropriate documentation is submitted prior to the closing date. To verify your application is complete, log into your USAJOBS account select the Application Status link, and then select the more information link for this position. The Application page will display the status of your application, the documentation received and processed, and any correspondence the agency has sent related to this application. Your uploaded documents may take several hours to clear the virus scan process. To return to an incomplete application, log into your USAJOBS account and click Update Application in the vacancy announcement. You must re-select your resume and/or other documents from your USAJOBS account or your application will be incomplete. Agency contact information DHS Joint Duty Program Email Address Department of Homeland Security Headquarters OCHCO/HRMS/MS 6595 Springfield Center Drive Springfield, VA US Learn more about this agency Next steps Once you submit your application, we will assess your experience and training, identify the best qualified applicants, and refer those applications to the selecting official for further consideration and a possible interview. We will notify you by email at various stages in the process. Your status will also be updated on USAJOBS throughout the process. To check your status, log on to your USAJOBS account, click on "Application Status," and then click "More Information." We expect to make a final JDA offer within 90 days after the deadline for applications. If you are selected, we will conduct a suitability/security background investigation. Telework: Telework eligibility is based on the needs of the office and is subject to change. Additional information pertaining to your interest and availability for this position may be needed after the closing date of the Joint Duty Assignment vacancy announcement; therefore, a timely response to these requests must be adhered to in ord

<!– job description page –>