Location: Chantilly, VA
Security Clearance: Active TS or higher [Required]
Job Type: Full-Time
Target Salary Range*: $110,000 - $160,000
- This represents the potential salary range for this position depending on education level, years of experience and/or certifications in addition to other position specific requirements which may impact salary
Amatriot is seeking a Cyber Threat Analyst to support a Cyber Technical Analysis Unit in analyzing cyber intrusion activity, digital communications, and host/network forensic artifacts in support of DoJ mission operations.
This role is focused on cyber threat analysis, intrusion investigation, host-based forensic analysis, network traffic analysis, and attribution support within a highly sensitive operational environment.
The ideal candidate will possess experience analyzing Splunk data, conducting host and network forensic analysis, and utilizing industry-standard forensic and cyber analysis tools to identify malicious activity, recover artifacts, and support investigative operations.
- Process, evaluate, and analyze digital network communications and cyber threat data to identify malicious activity and support investigative operations.
- Conduct cyber intrusion investigations and end-to-end kill chain analysis across host and network environments.
- Correlate digital artifacts, including IP addresses, URLs, malware indicators, system logs, and user activity across multiple data sources to support attribution and investigative lead generation.
- Support attribution and operational analysis by correlating threat indicators and investigative data.
- Perform host-based forensic analysis leveraging Splunk and standard forensic toolsets to identify indicators of compromise, attacker activity, persistence mechanisms, and unauthorized access.
- Analyze encrypted and plaintext credentials, registry artifacts, rootkit activity, command-line execution, and other system-level forensic evidence.
- Recover artifacts to support investigative operations.
- Analyze packet capture and NetFlow data to identify malicious communications, software usage, command execution, credential activity, and network-based indicators of compromise.
- Draft detailed technical reports and analytical findings based on cyber investigations.
- Participate in internal review and quality assurance processes.
- Support development and refinement of cyber analysis processes, CONOPS, SOPs, and investigative methodologies.
- Provide operational updates and analytical findings to leadership and investigative stakeholders.
- Conduct open-source and intelligence community research to maintain awareness of emerging cyber threats, malware trends, and adversary tactics, techniques, and procedures.
- Collaborate with internal teams and mission partners across the intelligence community to support tactical and strategic cyber operations.
- BS/BA degree with 5+ years of relevant experience, or 9 years of relevant experience with no degree.
- Advanced certifications, specialized training, or equivalent hands-on experience may be considered in lieu of years of experience.
- Experience performing host-based forensic analysis utilizing Splunk.
- Experience analyzing network traffic, packet capture, and NetFlow data.
- Hands-on experience with industry-standard forensic tools such as:
- Splunk
- EnCase
- Magnet AXIOM
- X-Ways Forensics
- Experience correlating threat indicators and investigative data to support attribution and operational analysis.
- Understanding of cyber intrusion methodologies, attacker kill chains, malware behavior, and forensic artifact analysis.
- Active Top Secret clearance required, with willingness and ability to obtain a Counterintelligence Polygraph.