ECS Limited
Cyber Threat Intelligence Analyst
ECS Limited, Washington, District of Columbia 20036
ECS is seeking a Cybersecurity Threat Intelligence (CTI) Analyst to work in our Washington, DC office. The CTI Team leverages real-time data to identify potential security threats and risks. These capabilities require an analyst well versed in industry tools and techniques, penetration testers with the ability to effectively assess the environment's weaknesses, and exercise planners who ensure the environment is continuously positioned against adversarial activity.

Functional areas include:

• Adversary Emulation - Perform passive and active adversary emulations to replicate activities of known relevant threat actors by utilizing offensive tools to test current security measures. Document and present findings and recommendations to technical experts on other teams and to leadership.
• Cyber Adversary Research - Research and document both historical and timely adversarial activities. Ability to categorize actors by both urgency and relevance. Also has the ability to provide research and context based on targeted needs of incident response, risk assessments, VIP activity, and other ad hoc requests.
• Cybersecurity Exercise Planning - Oversee and plan Cybersecurity activities for advancement in security-related knowledge and intelligence application. Share and collaborate with other groups.
• Indicator of Compromise Processing - Use all sources of intelligence to identify and compile relevant indicators, and work with the operations team to verify any presence in the network and develop protections against future activity.
• Pentesting - Identify and display proficient use of offensive tools to discover and verify security gaps/vulnerabilities on endpoint devices, applications, and networks.
• Purple Teaming - Collaborate with Detection Engineering to perform offensive adversary engagements to detect and verify targeted security measures and identify gaps, creating detections for future mitigations.
• Risk Analysis - Research the current state of components, identify future vulnerabilities, and assess the likelihood of their occurrence. Tie this risk into the holistic House security and threat landscape and serve as a trusted advisor to customers and leadership.

Salary Range: $80,000-100,000

General Description of Benefits

The CTI Analyst should possess the following knowledge, skills, and abilities:

• Demonstrated knowledge of threat intelligence platforms.
• Demonstrated deep technical-level experience supporting security network defense and strategies.
• Knowledge of threat actors and campaigns related to the government/legislative branch.
• Experience with current and historical threat actor group Tactics, Techniques, and Procedures.
• Ability to use in-depth knowledge to identify and present actionable intelligence to team members and senior leadership.
• Experience with scripting languages (bash), application development (Java, Perl, Python, .NET, PowerShell, VBScript), databases, and analytical tools.
• Ability to work with security tools that emulate adversary-like actions and personnel to develop, document, and test detection mechanisms, and to close the loop by working with the applicable teams to improve security by resolving findings.
• Ability to lead in the development of technical security standards to support policies, including monitoring standards and incident investigation procedures.
• Interact with other stakeholders in the House community for troubleshooting, content development, etc. This interaction could include other members of Cybersecurity, the networking team, systems administrators, technology support partners, etc.
• Subject Matter Expert (SME) on two or more of the following: Log Analysis/Event Detection, Cyber Adversary Research, Pentesting, Adversary Emulation, Purple Teaming, Risk Analysis, Indicator of Compromise Processing, Cybersecurity Exercise Planning.
• Works with executive management to determine acceptable levels of risk for the enterprise.
• The ability to develop detailed, multi-month, resourced project plans and provide timely updates.
• Assist in the development and performance of quality control checks for threat intelligence operations.
• Assist in the development and performance of operational metrics for threat intelligence operations.