Senior Threat Analyst
Computer World Services (CWS) Corporation

Sierra Vista, Arizona


Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Cyber Threat Analyst for the US Army Regional Cyber Center - Continental United States (RCC-CONUS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. RCC-CONUS is responsible for operating, managing, and defending the Army's NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command's Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world. Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio/IT Investment Management, and Theater Operations and Service Desk support.

The candidate will leverage skills and expertise by determining system vulnerabilities, monitoring and assessing potential threats, and ensuring a network meets security qualifications. The candidate will also monitor the cybersecurity program by gathering technical and tactical information, performing digital forensics, conducting all-source analysis, and proposing counteractions to protect intelligence.

Key Tasks and Responsibilities

  • Responsible for providing a Cyber Threat Awareness Report on network threats/trends to the theater.
  • Produce informational reports for the CONUS Theater stakeholders to address evolving cyber threats/trends in order to increase situational awareness and affect positive changes to the defensive posture of the CONUS Army networks.
  • Perform analysis of specific Information Assurance Vulnerability Alert (IAVA) and Common Vulnerability and Exposures (CVE) vulnerabilities as assigned by RCC-CONUS leadership and provide a detailed risk assessment as well as recommended mitigation actions.
  • Provide risk assessment with recommended mitigation.
  • Conduct cyber threat analysis and hunting utilizing proactive and iterative approaches to search all supported networks to detect and isolate advanced threats that may evade existing security solutions.
  • Ability to devise modeling and measuring techniques; utilizes mathematics, statistical methods, engineering methods, operational mathematics techniques (linear programming, game theory, probability theory, symbolic language, etc.), and other principles and laws of scientific and economic disciplines.
  • Ability to demonstrate a complete understanding and wide application of technical principles, theories, and concepts within the Cyber Research field and provide consultation to technical solutions over a wide range of complex difficult problems in which proposed solutions are imaginative, thorough, practicable, and consistent with organization objectives. Professionally certified as Technical Level III as defined by DODI 8570 is a requirement.
  • Examine threat intelligence from DoD and public sources to identify threats that are relevant within the AOR.
  • Responsible for utilizing the information collected from research and cyber hunt missions to provide recommendations and operational impact assessments of tasked domains to increase the likelihood of identifying advanced intruders and malicious software in supported networks.
  • Conduct Cyber hunt missions that include, but are not limited to, examining information systems, network devices, and endpoints for indicators of compromise and network activity via a plethora of network artifacts including but not limited to network flow, packet analysis, network device logs, etc.
  • Consolidate research and results of the cyber hunt missions and produce a Threat Hunt and Analysis report or Operational Impact Assessment IAW TE 3 Deliverables. Cyber hunt research and mission results shall also be incorporated into PPT missions and shared with RCC-CONUS leadership, subscribers, and stakeholders.
  • Provide data analysis to include trend analysis evaluating activity on the Army networks to identify systemic or potential issues and include metrics and recommendations to enable the development and deployment of response actions.
  • Responsible for having sufficient personnel on staff to maintain on-site capability (IAW paragraph 5.3) to work directly with RCC-CONUS Operations personnel to conduct initial triage/cyber incident analysis to include, review correlated events, system/device logs, and SIEM event data to determine and recommend/take immediate DCO response actions.
  • Produce data logs in the conduct of incident analysis and recommend mitigation measures in response to general or specific Advanced Persistent Threats (APT), (attempted exploits/attacks, malware delivery, etc.) on Army networks that include blocking/denying access by hostile sites or restricting access by specific ports/protocols and/or applications.
  • Provide recommendations to the supporting operations and maintenance organization to take necessary action where the DCO-D does not administratively control the sensor grid.
  • Provide justification of internal defensive measure and/or operational impact (implied or accepted risk) to a Configuration Control Board (CCB) and/or Authorizing Official (AO), as required, for mitigation action (internal defensive measure) approval.
  • Monitor all sensors and agents managed by the RCC-CONUS for security event analysis and response; and maintain and update the triage database with current threat data and response methods in real-time with follow-up recurring within 72 hours of last response.
  • Respond to a detected event and perform triage, ensure proper handling of the associated trouble ticket (TT), and process events in accordance with appropriate TTPs.
  • Provide all initial cyber incident reports to law enforcement and counterintelligence agencies (LE/CI). Maintain an up-to-date Point of Contact (POC) list for LE/CI agencies as routinely provided by the Major Cybercrimes Unit (MCU) and Cyber Counterintelligence agencies.
  • Provide support and expertise, including the provision of the required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE/CI official request or within DCO-D TTPs (i.e., do not provide data or answers to anything not specifically requested by LE/CI).
  • Provide all initial cyber incident investigation reports to LE/CI as identified in TE 3.
  • Maintain a master station log to document high visibility cyber incidents, defined as events identified in an ARCYBER Task Order, a Named Operation, or a Category 1 (CAT1), with most status, discuss DCO topics, share internal tasks between shifts, document call outs, and share any additional relevant instructions between shifts and up through RCC-CONUS Leadership and Operations reporting channels.
  • Provide the master station log daily as identified in (TE 3 Deliverables).
  • All other CDO operations must have an on call capability to take actions as required to respond to cyber incidents IAW Policy and/or Government direction.


Education & Experience

  • BA/BS or an MA/MS preferred from an accredited university (required)
  • Minimum of 12+ years of related IT experience (required)
  • Substitution Allowance (MA/MS with 10+ years' experience can be substituted for above requirements)

Certifications

  • Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • IAT Level II Baseline Certification

Security Clearance

  • Top Secret clearance (Required)
  • US Citizen or permanent resident

Other (Travel, Work Environment, Administrative Notes, etc.)

  • Travel to CONUS and OCONUS locations to meet mission requirements and undergo training. The support outside Fort Huachuca, AZ will be designated as TDY.

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.952.5138.
