CACI International Sr. Cyber Threat Analyst in Linthicum, Maryland

Job Description:

Summary: CACI is in search of a Cyber Threat Analyst with a wide range of knowledge, performs CI Cyber Operations support for duties to include policy, doctrine, cyber threat assessments, evaluation of CI Support to Cyber Operations concept of operations (CONOPS), vulnerability assessments, and other planning, staffing, and programmatic activities.


Coordinates and synchronizes a broad range of CI Support to Cyber Operations activities. Reviews, evaluates, and provides insightful analysis to CI Support to Cyber Operations strategic plans and activities. Charts a strategic direction to analyze foreign activity on DoD systems. Delivers products that are timely, actionable and conducive to protection of critical information throughout the military branches by identifying and documenting foreign cyber capabilities, technologies and methodologies. May represents the customer at Joint, Intelligence Community and Inter-Agency Meetings worldwide as required. Independently develop initiatives to enhance the analysis and analytical support provided to CI Support to Cyber Operations Capabilities Prepares and deliver briefings to senior leadership regarding CI Support to Cyber Operations. Provides client with a greater understanding of CI Support to Cyber Operations policies and methodologies. May liaise with the IA and the intelligence and law enforcement community.EDUCATION & EXPERIENCE:

Typically requires a bachelor’s degree or equivalent and ten to tweleve years of related experience.

Required Qualifications:

  • BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Studies, Cyber Security or another related field of study or equivalent 8+ years performing technical cyber threat ntelligence analysis.

  • Strong technical skills proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch) and open source information collection. Candidate must have a thorough understanding of Domain Name Service records.

  • Strong knowledge of Cyber Threat Intelligence principles to include indicators of compromise (IOC) types, indicator pivoting and indicator attribution strength.

  • Strong understanding of US Intelligence Community and how cyber intelligence organizations work together for purposes of conducting cyber threat analysis

  • Strong proficiency and recent experience (within last 3 years) performing NETFLOW and PCAP analysis using common analysis tools (examples include Wireshark, Splunk, ChopShop, Dshell, Network Miner, Moloch, etc). Candidate must be strongly proficient at sessionizing PCAP data, identifying and decoding protocols, extracting files, and applying standard filters such as Berkley Packet Filter (BPF).

  • Strong proficiency Report writing - a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting

  • Strong or Intermediate ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity. Candidate must be able to make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis. Candidate must be able to identify analytic bias.

  • Intermediate ability to build intrusion related data visualizations and perform analysis (i.e., using I2 Analyst Notebook, Netviz, Palantir, etc)

  • Intermediate ability to present technical information and analysis to groups up to 50 persons on a quarterly basis. Candidate will be required to brief smaller groups up to 10 persons on a weekly basis.

  • Self-starter with the ability to proactively engage and develop relationships with intrusion set subject matter experts and analyst counterparts across the US Intelligence and Law Enforcement communities

Desired Qualifications:

  • Chinese Mandarin language, ILR 3/3 level of general proficiency (or equivalent certified language training standard) with a test date in the last 3 years

  • Formal training as an intelligence analyst in any discipline ? graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc

  • Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity

  • Certifications (any): CISSP, CEH, Security+, SANS certification(s), Network+, CCNA

  • Advanced NETFLOW and PCAP Analysis

  • Advanced Data Visualization proficiency leveraging COTS/GOTS tools

  • Technical Skills proficiency: Python language, encryption technologies/standards

  • Intermediate malware analysis or digital computer forensics experience

  • Any type of Cyber related Law Enforcement or Counterintelligence experience

  • Existing Subject Matter Expert of Advanced Persistent Threat activity

  • Experience using COTS/Open Source tools: Novetta Cyber Analytics, Mitre ChopShop and/or ARL DSHELL

  • Analyst experience in Federal Cyber Center, NSA, or Corporate CIRT


Normal demands associated with an office environment. Ability to work on computer for long periods and communicate with individuals by telephone, email and face to face. Some travel may be required.

CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. Join CACI, where you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. A Fortune magazine World's Most Admired Company in the IT Services industry, CACI is a member of the Fortune 1000 Largest Companies, the Russell 2000 Index, and the S&P SmallCap600 Index. CACI provides dynamic careers for over 20,000 employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.