Cyber Threat Analyst

The Challenge:

Are you looking for an active role in detecting advanced Cyber threats to the US and its global partners and interests? Instead of letting the attackers come to us, let’s go find them. Cyber threats are evolving, and perimeter security and automated protection aren’t enough—it’s time to go threat hunting.

We’re looking for computer network defense (CND) and computer network exploitation (CNE) specialists who can think like a Cyber attacker to identify and track unattributed anomalous and malicious Cyber activity. This is an opportunity to use your analytical and technical skills to hunt down threats across the entire global Cyber landscape. You’ll learn to rapidly prototype and build signatures to apply against network traffic to find indications of active attacks or campaigns, indicators of compromise, command-and-control (C2), or other malware related activity. Learn from our team of Cybersecurity experts as you find the adversary in blind spots to help inform the client and their partners of emerging and unattributed threats to allow them to take proactive security measures. This is a chance to think differently about Cyber defense, use completely new tools and approaches, and hunt down the threat before it has an opportunity to impact our interests. Join the team as we take Cyber defense to the next level and develop the offensive Cybersecurity model.  

Empower change with us.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen Cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced Cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in Cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

You Have:

-12+ years of experience in the SIGINT or Cyber fields

-8+ years of experience with IT infrastructures

-8+ years of experience with Cybersecurity, including Security Operations Centers (SOC), incident response, malware analysis, IDS or IPS analysis, or penetration testing

-Knowledge of the TCP/IP networking stack and network IDS technologies

-Knowledge of the requirements to pass common Cybersecurity certifications, including GCFA, GCFE, GREM, GNFA, or OSCP

-Active TS/SCI clearance with a polygraph

-HS diploma or GED

Nice If You Have:

-Experience with network hunting, including Bro Logs, Netflow, PCAP, and the PaloAlto firewall or proxies

-Experience with penetration testing or Red Teaming

-Experience with SIGINT technical analysis, tools, and databases

-Knowledge of Windows and the PowerShell or command line

-Knowledge of offensive tools, including Mimikatz, Metasploit, or Empire

-Knowledge of Endpoint Incident Response and forensics

-Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building

-Knowledge of the regular expression and one or more common scripting languages, including Python or PowerShell

-Ability to analyze malware, extract indicators, and create signatures, including using YARA, SNORT, and IOCs

-Possession of excellent collaborative skills

-BA or BS degree in CS or IT

-Current certifications in GCFQ, GCFE, GREM, GNFA, OSCP, or similar

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance with polygraph is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.