ARA performs unique assessments from an adversarial perspective (Red). The DoD Red Team (NE-MAR) is one of the assessment programs within the Defense Threat Reduction Agency’s (DTRA)-Operational Nuclear Enterprise Support Directorate, Mission Assurance Department (NE-MA). The DTRA Red Team emulates the full spectrum of identified adversarial capabilities from a foreign intelligence entity and/or a terrorist organization by applying both critical and creative thinking to demonstrate exploitation of vulnerabilities of selected national command and control architectures. The Red Analysis Branch is the Center of Gravity for the DOD Red Team. It is the wellspring from which all requirements flow. It drives the OPTEMPO and challenges the status quo.

The Red Cyber Analysis Manager (rCAM)assumes all cyber analysis advisory responsibility for the Red Team. The rCAM works as needed with Red Team Branch Managers. This will include supporting adversarial cyber information for program objectives, identifying gaps in cyber architecture, and developing cyber emulative courses of action pertaining to the Red Team vulnerability assessment. The rCAM is responsible for providing advice to tactical partner elements and Red Team personnel in planning adversarial Cyber Warfare activities. The rCAM reports directly to the Red Analysis Branch Manager.

The Red Cyber Analysis Manager is responsible for providing advisory support concerning computer (network and infrastructure) analysis to enable Adversarial Cyber and/or Electronic Warfare Operations to an evolving Defense Threat Reduction Agency, Nuclear Enterprise, Mission Assurance Red Team.

The rCAM will perform duties as the core subject matter expert (SME) in cyber red team analysis in a variety of complex data topics related to various threats. As required, the rCAM will deploy in direct support of specific vulnerability assessments to provide local SME advisory:

Red Cyber Analysis Manager Responsibilities/Tasks:

• Manage projects across multiple teams, fostering clear communication, understanding, and process improvements
• Coach, mentor, manage, and advocate for the career development of the teams
• Cultivate team morale and culture, and partner with leadership to implement strategies and initiatives

In addition, the rCAM will ensure the Red Cyber Analysis Team will:

• Characterize the adversary’s cyber capabilities. Research the structure, ideology, intentions, tactics, and capabilities of adversarial cyber organizations to develop threat characterization using a combination of both classified and unclassified sources
• Contribute constructively to cyber threat emulation. Identify information requirements, develop assessment cyber strategies and assist Red Team Program Leader collection plans, identify information sources, and develop and conduct research of publicly available information (PAI) in order to determine adversary cyber courses of action and relevant information requirements (IR)
• Identify, map, and plan potential exploitations for key telecommunications networks.
• Analyze and characterize cyber systems and conduct analysis appropriate to the program, identify essential functions/tasks and critical assets necessary to perform them as determined by the program leader
• Contribute to developing cyber adversary courses of action (CoA). Develop courses of action that a cyber adversary might employ against customer personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains. Identify critical nodes/links or other targets and the effects of other environmental characteristics on course of action development
• Facilitate timely information management flow from DoD Red Team partner elements and other entities supporting DoD Red Team operations
• Support field assessments from a cyber adversary perspective
• Synthesize findings to support vulnerability identification, course of action development, protection studies, trend analyses, risk analysis, and mitigation strategies
• Develop a comprehensive understanding of the cyber implications of vulnerabilities discovered and fuse those findings with the systems analysis and determine impacts to the national and military missions they support
• Prepare activity reports including out briefs, senior leader briefs, and interim progress reports (IPRs) and briefs, white papers, after action reviews, final reports, risk analysis products, and other documents necessary to convey assessment findings to customers, partners, and other stakeholders
• Be able to explain network/system mechanisms to analysts and ground element in order to facilitate better analysis and operations
• Should have a diverse understanding of network and information security operations, network exploitation, and telecommunications
• Perform regular updates of existing Playbooks based on changes in the Threat Landscape or upon discovery of new threat tactics or procedures

Red Cyber Analysis Manager Required Skills/Qualifications:

• Active TS/SCI security clearance
• MS/MA with (8-10) years of applicable experience; BS/BA degree with (10-12) years applicable experience as a Cyber Analyst
• Previous experience concerning the components and functions of various communications networks and information systems
• An understanding of both the physical and digital aspects of communications systems.
• Experience in developing a strategy and roadmap for teams
• Proficient in understanding, analyzing and summarizing comprehensive and complex technical, contractual, and research information/data
• Demonstrated expertise performing information/data collection, analysis, and fusion.
• Excellent analytical, communications-both oral and written, and project management experience
• Drive operational excellence and long-term technical thinking/strategy
• Strong track record of managing performance, calibrating expectations, and building and maintaining high performing, inclusive teams
• Ability to understand, summarize and communicate highly technical information, in an accessible way, to executives and partners
• Strong written and verbal communication skills, attention to detail, planning, and organization
• Understand and be well versed in common cyber threat terminology, vulnerability and penetration test principles and methodologies
• Possess basic knowledge of cyber incident and response forensics and related current events

Red Cyber Analysis Manager Desired Skills/Qualifications:

• Must possess or be willing to obtain an IAT level II (GSEC or Security )
• Bachelor’s Degree in Information Technology, Computer Science, Information Systems or other STEM discipline
• Familiarity with Log Analysis, Packet Analysis OSI Model, Network Architectures, NIST, DIA-CAP, RMF, and Information Operations, threat intelligence activities including the collection of and tracking threat actors, digital forensics incident response; and threat hunting methodologies.
• Experience performing attack analysis or Red Team penetration testing against operational computer networks including experience in Windows Security, Network Security, Linux/Unix Security, Database security, or Mainframe Security.
• Ability to operate and navigate the Windows and UNIX/Linux operating system from the command prompt/line with ease.
• Graduate of one of the following Joint Cyber Analysis Course, Cyber Common Technical Core, Cyber Threat Emulation Methodologies or equivalent.

Who is ARA?

Applied Research Associates, Inc. (aka ARA) is an employee-owned international research and engineering company. We have been providing technically superior solutions to complex and challenging problems in the physical sciences since 1979. ARA has over 2,112 employee owners and continues to grow rapidly. Together, our offices throughout the U.S. and Canada provide a broad range of technical expertise in defense, civil, and health technologies, computer software and simulation, systems analysis, environmental technologies, and testing and measurement.

ARA also prides itself, on having a challenging culture where innovation & experimentation are the norm. The motto, “Engineering and Science for Fun and Profit” sums up the ARA experience. Employee ownership ensures you have a voice with what happens in the company. We are also very proud of our Women’s Initiative Network (WIN), whose purpose is to motivate, support, and encourage professional career development for women to maximize career and professional accomplishments.

To find out more about what the Intelligence, Surveillance & Reconnaissance Division has to offer, visit our website at: https://www.ara.com/benefits/

Experience

• 10 - 12 years: Relevant Work Experience

Education

• Bachelors or better

• Masters or better

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)