What are the responsibilities and job description for the Cyber Threat Analyst position at Amatriot Group, LLC?
Cyber Threat Analyst
5 Year DoJ Contract | Chantilly, VA
Amatriot is seeking a Cyber Threat Analyst to support a Cyber Technical Analysis Unit in
analyzing cyber intrusion activity, digital communications, and host/network forensic artifacts in
support of DoJ mission operations. This role is focused on cyber threat analysis, intrusion
investigation, host-based forensic analysis, network traffic analysis, and attribution support
within a highly sensitive operational environment. The ideal candidate will possess experience
analyzing Splunk data, conducting host and network forensic analysis, and utilizing industrystandard
forensic and cyber analysis tools to identify malicious activity, recover artifacts, and
support investigative operations.
Responsibilities
Process, evaluate, and analyze digital network communications and cyber threat data to
identify malicious activity and support investigative operations.
Conduct cyber intrusion investigations and end-to-end kill chain analysis across host and
network environments.
Perform host-based forensic analysis leveraging Splunk and standard forensic toolsets
to identify indicators of compromise, attacker activity, persistence mechanisms, and
unauthorized access.
Analyze packet capture (PCAP) and NetFlow data to identify malicious communications,
software usage, command execution, credential activity, and network-based indicators of
compromise.
Correlate digital artifacts including IP addresses, URLs, malware indicators, system logs,
and user activity across multiple data sources to support attribution and investigative
lead generation.
Analyze encrypted and plaintext credentials, registry artifacts, rootkit activity, commandline
execution, and other system-level forensic evidence.
Draft detailed technical reports and analytical findings based on cyber investigations
while participating in internal review and quality assurance processes.
Support development and refinement of cyber analysis processes, CONOPS, SOPs,
and investigative methodologies.
Conduct open-source and intelligence community research to maintain awareness of
emerging cyber threats, malware trends, and adversary tactics, techniques, and
procedures (TTPs).
Collaborate with internal teams and mission partners across the intelligence community
to support tactical and strategic cyber operations.
Provide operational updates and analytical findings to leadership and investigative
stakeholders.
Required Skills & Experience
Active Top Secret Clearance required, with willingness and ability to obtain a Counter
Intelligence (CI) Polygraph.
BS/BA degree with 5 years of relevant experience or 9 years with no degree. Advanced
certifications, specialized training, or equivalent hands-on experience may be considered
in lieu of years of experience
Experience performing host-based forensic analysis utilizing Splunk.
Experience analyzing network traffic, packet capture (PCAP), and NetFlow data.
Hands-on experience with industry-standard forensic tools such as:
o Splunk
o EnCase
o Magnet AXIOM
o X-Ways Forensics
Understanding of cyber intrusion methodologies, attacker kill chains, malware behavior,
and forensic artifact analysis.
Experience correlating threat indicators and investigative data to support attribution and
operational analysis.