What are the responsibilities and job description for the Threat Analyst (I&W) with Splunk with Security Clearance position at ClearanceJobs?
Threat Analyst (Indications & Warnings) – Splunk
Federal Strategic Cyber Programs | Bureau of Diplomatic Security Support
Location: Northern Virginia
Work Model: On-site (5 days per week)
Travel Requirement: Up to two weeks at a time, both domestic and international (approximately 10% overall travel)

Program Overview

This mission supports the Bureau of Diplomatic Security, Cyber and Technology Security Directorate, delivering integrated cyber operations across three critical functional areas:
- Cyber Monitoring and Operations
- Cyber Threat and Investigations
- Technology Innovation and Engineering

The program provides technical, engineering, data analytics, cybersecurity, operational, and intelligence support to protect U.S. diplomatic systems, personnel, and global infrastructure.

Position Overview

ICS is seeking an experienced Threat Analyst (Indications & Warnings) with Splunk expertise to support high-impact Federal Strategic Cyber Programs. This role sits at the intersection of cyber intelligence, operations, and analytics, serving as a core member of the Indications and Warnings (I&W) team. You will track advanced threat actors, correlate intelligence with operational telemetry, and provide actionable insights that protect Department of State (DOS) systems, information, and personnel worldwide.

This is a mission-critical intelligence role for professionals who thrive in classified environments and operate effectively across cyber operations, intelligence fusion, and strategic threat analysis.

Key Responsibilities
- Serve as a core member of the Indications & Warnings (I&W) team, supporting enterprise-level cyber threat monitoring and intelligence operations.
- Leverage open-source, proprietary, vendor, and classified intelligence to track advanced persistent threat (APT) activity.
- Perform pattern, trend, and behavioral analysis to identify malicious cyber activity targeting Department of State (DOS) systems, personnel, and infrastructure.
- Maintain intelligence records and threat catalogs tracking malicious cyber activity across enterprise environments.
- Identify Indicators of Compromise (IOCs) using Splunk SIEM and enterprise security telemetry.
- Act as a key liaison with members of the U.S. Intelligence Community (IC).
- Operate as the fusion analysis cell within the Cyber Threat Analysis Division (CTAD).
- Correlate external threat intelligence with internal security events to identify patterns, vulnerabilities, and adversary campaigns.
- Monitor geopolitical developments and emerging technologies to assess evolving cyber risk.
- Provide intelligence briefings and presentations to technical, operational, and executive audiences.
- Support attribution analysis, adversary profiling, and intelligence operations during active cyber incidents.
- Contribute to post-incident reviews, lessons learned, and continuous improvement of threat detection capabilities.

Required Qualifications
Education & Experience
- Bachelor’s degree with 9 years of relevant experience; 4 additional years of experience may be substituted for the degree.

Certifications
Must possess, or obtain prior to the start date, one of the following:
- CCNA-Security
- CND
- CySA+
- GICSP
- GSEC
- Security+ CE
- SSCP

Technical & Intelligence Expertise
- Hands-on experience with Splunk SIEM.
- Experience applying MITRE ATT&CK or other threat models, such as the Lockheed Martin Cyber Kill Chain and the Diamond Model.
- Knowledge of APT tracking and threat actor lifecycle analysis.
- Experience pivoting from IOCs to infrastructure discovery and campaign attribution.
- Familiarity with modern threat detection platforms.
- Knowledge of cloud security and threats targeting cloud environments.
- Strong understanding of network protocols and systems.
- Experience developing predictive threat models and recommending preemptive defensive measures.
- Experience supporting active cyber incidents, including attribution analysis, adversary profiling, and intelligence support operations.
- Experience supporting post-incident analysis and capability improvement efforts.

Communication & Collaboration
- Exceptional written and verbal communication skills, with the ability to translate technical intelligence into actionable insights and to brief audiences ranging from analysts to executive leadership.
- Ability to operate independently and within multi-disciplinary intelligence teams.

Clearance, Citizenship & Travel
- U.S. citizenship required
- Active Top Secret clearance with SCI eligibility required
- Active U.S. passport required
- Must be able to travel internationally and domestically for up to two weeks at a time

Why Join ICS

At ICS, you’ll operate at the nexus of cyber intelligence, national security, and global mission support. This role offers the opportunity to directly defend U.S. diplomatic operations worldwide by identifying emerging threats, tracking advanced adversaries, and shaping strategic cyber defense through intelligence-driven operations.
You will work alongside intelligence professionals, cyber operators, and federal partners in a high-trust, high-impact mission environment where your analysis directly influences operational decisions and national security outcomes.