Cyber Threat Analyst

Phia Dulles , VA 20101

Posted Yesterday

Would you like to work with a highly technical team, supporting the front line of security protecting the federal and civilian government in the pursuit of national cybersecurity?
phia is seeking a highly skilled JOB TITLE to work for the Network Security Deployment (NSD) division, which supports the DHS National Cybersecurity Protection System (NCPS) infrastructure, development and operations through its entire lifecycle. NSD supports critical missions such as the NCCIC in their ability to be the Nations Lead Cyber Center for information exchange, incident response, and other key roles. Come join our teams working in a fast-paced environment that will challenge your technical skills.


  • Perform cyber-threat hunting with vendors to identify potential cyber-threat activity within their networks/systems
  • Perform hands-on investigations that require critical thinking and a broad understanding of multiple technologies
  • Support development of presentations and reports to document findings
  • Assist in the development and execution of cyber threat-hunting standard operating procedures (SOPs)
  • Serve as a data analysis expert for output from a wide variety of cyber assessment tools and data analytics
  • Assist in analysis tool development, configuration, implementation and use
  • Analyze cyber-threat intelligence (e.g. actors, tools, exploits, malware, etc.) and determine TTPs used by threat-actors
  • Analyze security events and data feeds for event detection, correlation from monitoring solutions, conduct triage and classify the output using automated systems for further investigation
  • Assist in the discovery of cyber vulnerabilities and the investigation of global cyber security incidents, as required
  • Develop cyber protection improvement recommendations that support the remediation and protection of systems
  • Analyze and report on cyber-threats based on assessment and all-source intelligence
  • Translate analytical findings into security use cases that can be implemented within available surveillance capabilities
  • Provide detailed and accurate technical reporting of analysis results in the form of PowerPoint presentations and/or Word documents, as well as oral briefings on complex technical subjects attuned to senior management, technical, or non-technical audiences



  • Eight (8) or more years of systems development experience required.
    [A Masters degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.]
  • Bachelors degree a related discipline is required.
    [Ten (10) years of experience (for a total of eighteen (18) or more years) may be substituted for a degree.]
  • Practical knowledge of high-level scripting/programming language (e.g. Python, Perl, PowerShell, etc.) to extract, de-obfuscate, or otherwise manipulate malware-related data
  • Proficient with forensic analysis tools and techniques to identify malware technical indicators of compromise and perform triage
  • Possess excellent oral and written communication skills and critical thinking abilities
  • Capable of working independently and within teams to solve complex problems
  • Able to work across multiple organizations, cultures and service providers to pull together actionable information and management information
  • Practical knowledge of Splunk policies, filters and rules to improve event analysis and data correlation
  • Experience with penetration testing, incident response, malware analysis, reverse engineering, or other similar work experience
  • Knowledge of Windows and Unix/Linux Operating Systems
  • Ability to perform analysis of network traffic and protocols
  • DoD 8570.1-M Compliance at IAT Level I certification required.
  • Active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance required.
  • U.S. Citizenship required.


  • One or more current certifications equivalent to Offensive Security Certified Professional (OSCP), SANS GIAC Penetration Tester (GPEN), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Web Application Penetration Tester (GWAP), SANS GIAC Certified Intrusion Analyst (GCIA).
  • Background or experience in digital forensics is a plus



TRAVEL: Less than 5%


SECURITY REQUIREMENTS: Active Top Secret with eligibility for SCI or DHS EOD



phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customers missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia offers excellent benefits to enhance the work-life balance, these include the following:

Medical Insurance

Dental Insurance

Vision Insurance

Life Insurance

Short Term & Long Term Disability

401k Retirement Savings Plan with Company Match

Paid Holidays

Paid Time Off (PTO)

Tuition and Professional Development Assistance

Parking Reimbursement

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Paranoids Cyber Threat Intelligence Analyst


Posted 2 weeks ago

VIEW JOBS 2/28/2019 12:00:00 AM 2019-05-29T00:00 It takes powerful technology to connect our brands and partners with an audience of 1 billion. Nearly half of Verizon Media employees are building the code and platforms that help us achieve that. Whether you're looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process 4 trillion data points a day, what you do here will have a huge impact on our business—and the world. Want in? As Verizon's media unit, our brands like Yahoo, TechCrunch and HuffPost help people stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. With technologies like XR, AI, machine-learning, and 5G, we're transforming media for tomorrow, too. We're creators and coders, dreamers and doers creating what's next in content, advertising and technology. When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make VZM one of the safest places on the Internet. We are the information security team at Verizon Media. People call us "The Paranoids". Specifically, we are the Threat Operations team - we provide targeted, highly-relevant threat intelligence to support security operations and incident response activities to keep over 1B members and their information safe. You are an experienced cyber threat intelligence analyst with a passion for cybersecurity. You collect, analyze and share cyber threat intelligence impacting Verizon Media's systems, services and employees. You use CTI tradecraft and tool experience to identify, refine and manage indicators of attack/compromise for use in detecting advanced or commodity attacks as well as attacker tactics, techniques and procedures (TTPs). You not only can identify attackers and their methods, but also use your IT and networking expertise to improve detection logic. You bridge the gap between intelligence and network defense. Your Day * Engage with Incident Response, Security Operations, and other Paranoids teams. * Develop and produce written tactical intelligence reports constructed from analysis of developing cyber events including data from intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. * Contribute to daily and weekly updates for distribution to security operations teams, information technology teams, enterprise risk management teams, and executive decision makers. * Produce threat assessments based on all-source intelligence and malware artifacts * Support Threat Detection & Response in the development and enrichment of indicators of attack/compromise. * Administer a threat intelligence platform (TIP) to manage indicator lifecycle. * Research and document exploitation tools and threat actor tactics for use by incident responders. * Support incident responders during incidents with intelligence requests. * Participate in threat modeling efforts around Verizon Media's crown jewels. You Must Have * BA or BS degree in Computer Science, Cybersecurity, or related field or equivalent years of experience * 2+ years of experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources * Experience with cyber incident management and digital forensics, security engineering, security operations, computer network operations, information operations * Ability to write intelligence assessments and briefings to various audiences * Knowledge of cyber threat intelligence processes and tradecraft to include MITRE ATT&CK Framework, the Cyber Kill Chain and Diamond Model of Intrusion Analysis * Knowledge of attacker tactics, techniques, and procedures (TTPs) and common attack vectors and vulnerabilities Nice to have * 2+ years of experience working in security operations environments; experience with key security operations technologies such as SIEM and log aggregation (e.g., Splunk) * 2+ years of experience with scripting languages, including Python * 2+ years of experience with host and network log sources to apply to incident investigations Oath is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on, age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Oath is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. Please let us know if you need a reasonable accommodation to apply for a job or participate in the application process. Currently work for Oath? Please apply on our internal career site. Oath Dulles VA

Cyber Threat Analyst