ECS is seeking a Threat Intelligence Analyst - Tier 3 to work in our Washington, DC office.

Job Description:

• Adversary Emulation - Perform passive and active adversary emulations to replicate activities of known relevant threat actors by utilizing offensive tools to test current security measures.
• Document and present findings and recommendations to technical experts on other teams and to leadership.
• Cyber Adversary Research - Research and document both historical and timely adversarial activities. Ability to categorize actors by both urgency and relevance to the the Legislative sector. Also has the ability to provide research and context based on targeted needs of incident response, risk assessments, VIP activity, and other ad hoc requests.
• Cybersecurity Exercise Planning - Oversee and plan Cybersecurity activities for advancement in security related knowledge and intelligence application. Share and collaborate with other legislative groups.
• Indicator of Compromise Processing - Use all sources of intelligence, from OSINT to law enforcement/intel community data to identify and compile relevant indicators and work with operations team to verify any presence in the network and develop protections against future activity.
• Pentesting - Identify and display proficient use of offensive tools to discover and verify security gaps/vulnerabilities on endpoint devices, applications, and networks.
• Purple Teaming - Collaborate with Detection Engineering to perform offensive adversary engagements to detect and verify targeted security measures and identify gaps to create detections for future mitigations. Must have the ability to directly assist in the creation of detections and mitigations and have the ability to present these to leadership.
• Risk Analysis - Research the current state of targeted components and identify future vulnerabilities and assess likelihood of that occurrence. Tie this risk into the holistic security and threat landscape and serve as a trusted advisor to customers and leadership.

• Demonstrated knowledge of threat intelligence platforms.
• Demonstrated deep technical level experience supporting security network defense and strategies.
• Knowledge of threat actors and campaigns related to government/legislative branch.
• Experience with current and historical threat actor group Tactics, Techniques, and Procedures.
• Ability to use in-depth knowledge to identify and present actionable intelligence to team members
• and senior leadership.
• Experience with scripting languages (bash), application development (Java, Perl, Python, .NET, PowerShell, VBscript), databases and analytical tools.
• Subject Matter Expert (SME) on two or more of the following: Log Analysis/Event Detection, Cyber Adversary Research, Pentesting, Adversary Emulation, Purple Teaming, Risk Analysis, Indicator of Compromise Processing, Cybersecurity Exercise Planning
• Works with executive management to determine acceptable levels of risk for the enterprise.
• The ability to develop detailed multi month and resourced project plans providing timely updates.
• Assist in the development and performance of quality control checks for threat intelligence operations.
• Assist in the development and performance of operational metrics for threat intelligence operations.
• Bachelor's Degree in related field.

• Ability to work with staff to develop a vision and independently lead the implementation of new capabilities.
• Ability to lead in the development and performance of quality control checks for threat intelligence operations.
• Ability to lead in the development and performance of operational metrics for threat intelligence operations.
• Ability to lead in the development and performance of project management for threat intelligence operations.