**Position Title: Senior Cyber Threat Emulation Analyst** **Location:** Schriever Space Force Base, Colorado Springs, CO or Redstone Arsenal, Huntsville, AL **Relocation Assistance:** None available at this time **Remote/Telework:** NO - Not available for this position **Clearance Type:** DoD Secret **Shift:** Day shift **Travel Required:** Up to 10% of the time **Description of Duties:** The **Senior Cyber Threat Emulation Analyst** supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will: • Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM). • Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture. • Analyze correlated assets, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture. • Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation. • Provide standardized and targeted training in support of MDA CSSP-CERT Subscriber vulnerability management programs. • Measures effectiveness of defense-in-depth architecture against known vulnerabilities. • Generate vulnerability assessment reports for customers and escalate for further review. • Support Incident Response across the enterprise IAW DoD regulations and instructions. • Support cyber events and incident investigations from start to conclusion, to include gathering data, analysis, and reporting. • Develop an Exploitation Analyst training plan by instructing, evaluating, and mentoring junior, mid, and senior analysts. • Receive, review, and implement directed Higher Headquarters Tasking Orders (HHQ) and/or Fragmentary Orders. • Perform Cyber Threat Emulation (CTE) actions with Automated Security Validation (ASV) toolset as directed by HHQ • Execute HHQ directed and custom CTE actions with specific adversary tactics, techniques, and procedures (TTPs) to assess toolset detection and alerting. • Create custom dashboards and reports to communicate post engagement analysis of each CTE engagement, including identified vulnerabilities, recommended remediation steps, assessment of the system's security posture, and incident response to government within a specified amount of time after completion of engagement. • Draft and submit Cyber Tasking Orders (CTOs) to remediate issues found in report finding during CTE actions. • Collaborate with the Vulnerability Assessment and Cyber Defense Teams to develop evaluation criteria and methodologies aligned with HHQ inspection requirements and industry best practices. • Evaluate personnel training and effectiveness in incident response processes and procedures to detect, respond, and mitigate simulated and real-world threats to recognize the need for additional training **Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate may be assigned as an employee for one of our teammate companies.** **Basic Requirements:** • Must have 8, or more, years of general (full-time) work experience • Must have 6, or more, years of combined experience with: o Performing manual or automated penetration test in an enterprise environment o Practical experience with vulnerability assessment, cybersecurity frameworks, or conducting risk assessments o Experience performing the full life cycle of incident response and enterprise-level monitoring • Must have 2, or more, years of experience in management or leadership in a team environment • Must have a current DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CySA+, GICSP, GSEC, Security+ CE, SSCP) • Must be able to obtain a PenTest+ certification within 6 months • Must have an active DoD Secret Security Clearance **Desired Requirements:** • Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field • Have experience with Cyber Threat Emulation tools, policies, and procedures • Have experience operating custom software on top of a Linux platform • Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Bluecoat, Barracuda, etc. • Have experience performing security compliance scans across a WAN (ACAS/Nessus preferred) • Have a background in configuration, troubleshooting, and deployment of host-based security (ESS preferred) • Be able to mentor and train personnel in an evolving, high-paced environment • Be familiar with DoD Security Operations Centers (SOC) (aka CSSP) • Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures • Have an active DoD Top Secret clearance This position is expected to pay **$135,000 - $145,000** annually; depending on experience, education, and any certifications that are directly related to the position. This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed. Our health and welfare benefits are designed to invest in you, and in the things that you care about. Your health. Your well-being. Your security. Your future. Typical benefits offered include flexible work schedules, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.