By Light Professional IT Services

  • Cyber Threat Detection Analyst (TS/SCI)

    Job Locations US-MD-Fort Meade
    # of Openings
    Information Technology
  • Overview

    By Light is hiring a Cyber Threat Detection Analyst to join our team supporting a DOD customer. This position will support the detection, monitoring, correlation, and prevention of cyber threat activity targeting the DOD. Candidates should understand the details of named areas of interest and advanced persistent threats that impact the DOD with an in-depth knowledge and ability to analyze, track, correlate, harvest, trend, and report on the unique TTPs utilized. All candidates must be open to shift work.


    By Light provides a broad range of hardware, software, engineering, and IT integration services. Headquartered in Arlington, VA, we support defense, civilian, commercial, and health IT customers worldwide. We offer an excellent benefits package that includes: medical, dental, vision, life and disability insurance, paid time off, paid holidays, 401(k), and profit sharing.


    • Configure, maintain, and utilize DOD and CC/S/A/FA capabilities in order to detect, monitor, track, and analyze malicious activity.
    • Consume, review, correlate, and report on high priority DoD, Intelligence, and USG operational reporting of threat and vulnerabilities to correlate similar incidents/events, malicious tradecraft, TTPs of malicious activity, and indicators utilized to impact or target the DOD Information Network (DODIN).
    • Develop consolidated notification and updates to the SOC on threat and vulnerability activity. 
    • Develop, obtain government approval, and release situational awareness reports/products; operational directives/order and coordination messages; and quarterly threat analysis reports and metrics.
    • Review, analyze, and maintain the content of a DOD indicator database to aid in the detection and mitigation of threat activity. 
    • Update DOD shared situational awareness mechanisms including websites, Wikipedia style solutions, and collaboration / chat mechanisms.
    • Develop and present cyber threat briefings, presentations, and papers to DOD leadership to ensure situational awareness and status are conveyed related to the assigned project areas.
    • Operate as the DOD community leader for the discovery of threat activity and associated indicators. 
    • Determine sophistication, priority, and threat level of identified malware and intrusion related TTPs.
    • Develop metrics and trending/analysis reports of malicious activity used to compromise the DODIN. 
    • Develop, staff, and release analysis findings in technical analysis reports to DOD Community. 
    • Manage a DOD prioritization process to identify priority threats and vulnerabilities that are impacting the DODIN. 
    • Develop signatures for use within DoD threat detection capabilities to detect potentially malicious activity on the DODIN. 
    • Coordinate with partner organizations to distribute, receive, and conduct analysis on vulnerability and threat information that impacts the DODIN.


    • Previous tools experience working with ArcSight, Splunk, PCAP, JIMS or equivalent toolsets.
    • Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection).
    • Experience in an Operations Center providing Senior Leaders specified reports based on information received from supporting units.
    • Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
    • Critical/logical thinking skills.
    • Experience working with the Intelligence Community and priority intelligence requirements.
    • Advanced communications and presentations skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA with command and proper enunciation of the English language.

    Preferred Qualifications

    • Currently possess DoD 8570 IAT Level II certification (Security+ or equivalent).
    • ITIL v3 Foundation certified.

    Special Requirements/Security Clearance

    • Current TS/SCI security clearance and eligible for C/I Polygraph.
    • All candidates must be open to shift work.

    An Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed