Sr Industrial Control System Cyber Threat Intelligence Analyst with OT/CTI/Threat Hunt experience jobs in United States

Peraton · 2 months ago

Sr Industrial Control System Cyber Threat Intelligence Analyst with OT/CTI/Threat Hunt experience

Peraton is a next-generation national security company that drives missions of consequence. They are seeking a Senior Industrial Control System Cyber Threat Intelligence Analyst to fuse intelligence sources, research current threats in operational technology, and analyze data to inform senior leaders and operational teams.

Information Technology · Robotics
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Fuse multiple intelligence sources to develop products, recommendations, and inform priorities for the organization
Perform research and investigate current threats in operational technology, specific critical infrastructure sectors, and mission areas to inform senior leaders and drive priorities for operational teams, including the forward deployed incident response and threat hunting functions
Analyze collected data to derive facts and projections concerning capabilities, intentions, attack approaches, research resource allocations, motivations, tendencies, and personalities; and contribute to profiling adversarial behavior with respect to identified system attacks in the context of the critical infrastructure mission
Research and review cyber warfare tactics, techniques, and procedures focused on the threat to information networks
Prepare assessments and cyber threat profiles of current and planned products based on recent and current trends within ICS/SCADA
Escalate new or high threats to the Cyber Physical Forensics Section as required
Research OT defensive tactics, techniques, and procedures (TTPs) for detecting and responding to cyber threats
Map ICS activity and threats using MITRE ATT&CK Framework
Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements
Serve as subject matter expert (SME) for ICS Security activities
Identify potential open-source vulnerabilities existing within ICS/SCADA
Identify and assess current and emerging threats and vulnerabilities as they relate to homeland security
Identify classified threat intelligence reporting related to ICS/SCADA and analyze for adversary intent and capability
Develop and maintain analytical procedures to meet changing requirements
Produce high-quality papers, presentations, recommendations, and findings for senior US government intelligence and operations officials
Serve as a customer-facing SME, helping customers achieve success with the technology for their overall ICS security efforts

Qualification

Industrial Control Systems (ICS) · Operational Technology (OT) · Cyber Threat Intelligence · MITRE ATT&CK Framework · SCADA systems · Threat analysis · SANS GICSP certification · SANS GRID certification · SANS GCTI certification · Analytical skills · Research skills · Collaboration skills · Presentation skills

Required

Bachelor's degree and 8 years of experience, or an Associate's degree and 10 years, or HS and 12+ years of experience in lieu of a degree
Experience performing processing, triage, threat analysis, and response to cyber incident reports
Experience with Industrial Control Systems (ICS), Operational Technology (OT), Supervisory Control and Data Acquisition (SCADA) systems, and the underlying principles necessary to ensure the security and safe function of ICS systems
Experience connecting open-source information with network and/or host-based anomalies (e.g., identifying cyber threat intelligence about suspicious processes, finding new insights through tools such as VirusTotal, understanding of how to find threat intelligence about malformed HTTP traffic, etc.)
Hands-on experience with open-source cyber threat/related tools (e.g., VirusTotal, Maltego, Shodan, exploit-db, etc.)
Experience researching and analyzing cyber threats across either a) multiple industries or b) multiple timeframes, including but not limited to the critical infrastructure sectors
Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain to incorporate into client reports
Experience producing and completing all-source (unclassified and classified) finished intelligence assessments that adhere to the ICD 203 analytic tradecraft standards
Proven ability to collaborate and establish key threat intelligence partnerships to bolster information sharing and defenses
U.S. citizenship required
An Active Top Secret Security Clearance with SCI eligibility
Ability to obtain/maintain DHS EOD agency clearance prior to starting

Preferred

SANS Global Industrial Cyber Security Professional (GICSP)
SANS GIAC Response and Industrial Defense (GRID)
SANS GIAC Cyber Threat Intelligence (GCTI)

Benefits

Employees may be eligible for overtime
Shift differential
Discretionary bonus

Company

Peraton: Fearlessly solving the toughest national security challenges.

Funding

Current Stage
Late Stage

Leadership Team

Thomas Terjesen
Chief Information Officer
Company data provided by crunchbase