Red Analyst (Cyber)

Red Analyst (Cyber)

Red Team Analysts (cyber) are responsible for providing direct strategic and tactical analytic support to the DoD Red Team . The Red Analysts (cyber) drive the strategic direction of cyber operations by selecting cyber targets and identifying cyber enabling actions from an adversary perspective. The Red Analysts (cyber) are responsible for the management, communication, and presentation of information gathered to team members, partner organizations, customers, and external parties. The Red Analysts (cyber) must exhibit initiative, creativity, an ability to operate in an analytically flat organization , and operate within a culture of professionalism and respect with peers, operational teams, and customers.
The Red Analysts (cyber) are responsible for providing advisory support concerning computer (network and infrastructure) analysis to enable Adversarial Cyber and/or Electronic Warfare Operations to support an evolving DoD Red Team.

The Red Analysts (cyber) act as subject matter experts on a variety of complex topics related to a variety of cyber threats. As required the Red Analysts (cyber) travel domestically and abroad to provide expert expertise and direct support of geographically separate vulnerability assessments.
Specifically, the Red Analysts (cyber) are responsible for researching and identifying positions, access points, relationships, organizations, and other potential vulnerabilities in support of DoD Red Team operations. This includes identifying adversarial cyber information for program objectives, identifying gaps in cyber architecture and developing cyber courses of actions on vulnerability assessments. Further, the Red Analysts (cyber) provide advice to tactical partner elements and red team personnel in planning adversarial cyber assessments. They are also responsible for implementing specialized training, advanced analytic skills and tools, and maintaining knowledge of industry practices related to cyber red teaming. They report directly to the Red Team Cyber Analysis Lead.

Responsibilities/Tasks
The Red Analyst (Cyber) shall:

• Characterize the adversary’s cyber capabilities. Research the structure, ideology, intentions, tactics, and capabilities of adversarial cyber organizations to develop threat characterization
• Contribute constructively to cyber threat emulation. Identify information requirements, develop assessment cyber strategies and assist Red Team Program Leader collection plans, identify information sources, and develop and conduct research of publicly available information (PAI) in order to determine adversary cyber courses of action and relevant information requirements (IR).
• Identify, map, and plan potential exploitations for key telecommunications networks.
• Analyze and characterize cyber systems and conduct analysis appropriate to the program, identify essential functions/tasks and critical assets necessary to perform them as determined by the program leader.
• Contribute constructively to cyber threat emulation. Identify information requirements, develop assessment cyber strategies and assist red team program leader collections plans, identify information sources, and develop and conduct research of publicly available information (PAI) in order to determine adversary cyber courses of action and relevant information requirements (IR)
• Identify, map, and plan potential exploitation for key telecommunications networks.
• Analyze and characterize cyber systems and conduct analysis appropriate to the program, identify essential functions/tasks and critical assets necessary to perform them as determined by the program leader.
• Contribute to developing cyber adversary courses of action ( CoA). Develop courses of action that a cyber adversary might employ against customer personnel and equipment facilities networks information and information systems. Identify critical nodes/links or other targets and the effects of other environmental characteristics on course of action development.
• Support field assessments from a cyber adversary perspective develop a comprehensive understanding of cyber implication of vulnerabilities discovered and fuse those finding with the systems analysis and determine impacts to the national and military missions they support.
• Provide activity reports including out briefs to senior leaders and interim progress reports and white papers, after action reviews, final reports, risk analysis products and other documents as required.
• Perform regular updates of existing documents based on changes in the threat landscape or upon discovery of new threat tactics or procedures

Required Skills/Qualifications

• Ability to communicate complex informational concepts or ideas in a confident and well -organized manner through verbal written and visual means.
• Ability to accurately and completely source all data used in products.
• Ability to clearly articulate information requirements in to well - formulated research questions.
• Ability to develop or recommend analytic approaches or solutions to
  problems and situations for which information is incomplete or for which no precedent exists.
• Demonstrated expertise performing information/data collection analysis and fusion.
• Ability to think like and emulate actions of threat actors.
• Possess a current driver's license.
• Capable of operating a rental vehicle.
• Active TS/SCI clearance required.
• U S citizenship required.
• Travel is up to 20%

Desired Skills/Qualifications

• IAT level II/III
• Understand and be well versed in common cyber threat terminology, vulnerability, and penetration test principes and methodologies.
• Possess basic knowledge of cyber incident and response forensics and related current events
• Familiarity with log analysis packet analysis OSI Model, Network Architectures, NISTS DIACAPS RMFs and Information Operations threat intelligence activities including the collection of and tracking threat actors digital forensics incident response and threat hunting methodologies
• Experience performing attack analysis or Red Team penetration testing against operational computer networks including experience in Windows Security, Network Security, Linux/Unix Security, Database security, or Mainframe Security.
• Knowledge of common computer/network infections (virus, trojan, etc.) and methods of infection(ports, attachments, etc.)
• Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.)