Red Team Cyber Analyst

Red Team Cyber Analysts (RCA) are responsible for providing direct strategic and tactical analytic support to the DoD Red Team. RCAs drive the strategic direction of cyber operations by selecting cyber targets and identifying cyber enabling actions from an adversary perspective. RCAs are responsible for the management, communication, and presentation of information gathered to team members, partner organizations, customers, and external parties. RCAs must exhibit initiative, creativity, an ability to operate in an analytically flat organization, and operate within a culture of professionalism and respect with peers, operational teams, and customers.

RCAs are responsible for providing advisory support concerning computer (network and infrastructure) analysis to enable Adversarial Cyber and/or Electronic Warfare Operations to support an evolving DoD Red Team. Additionally, RCAs act as subject matter experts on variety of complex topics related to varied cyber threats. As required, RCAs travel domestically and abroad to provide their expertise in direct support of geographically disparate vulnerability assessments.

Specifically, RCAs are responsible for researching and identifying positions, access points, relationships, organizations, and other potential vulnerabilities in support of DoD Red Team operations. This includes identifying adversarial cyber information for program objectives, identifying gaps in cyber architecture, and developing cyber courses of action on vulnerability assessments. Further, RCAs provide advice to tactical partner elements and Red Team personnel in planning adversarial cyber assessments. RCAs are also responsible for implementing specialized training, advanced analytic skills and tools, and maintaining knowledge of industry practices related to Cyber Red Teaming. Red Team Cyber Analysts report directly to the Red Team Cyber Analysis Lead.

Candidates applying for this position must display strong analytical skills, a DoD IAT Level II certification, and the conceptual knowledge of specific cyber related programs and software (example: Metasploit, Nessus, Wireshark).

RCAs are not authorized to conduct cyber or ground operations. Rather, RCAs provide the analytic support to enable the conduct of operations.

Responsibilities/Tasks

The Red Team Cyber Analyst shall:

Characterize the adversary’s cyber capabilities. Research the structure, ideology, intentions, tactics, and capabilities of adversarial cyber organizations to develop threat characterization using a combination of both classified and unclassified sources. 

Contribute constructively to cyber threat emulation. Identify information requirements, develop assessment cyber strategies and assist Red Team Program Leader collection plans, identify information sources, and develop and conduct research of publicly available information (PAI) in order to determine adversary cyber courses of action and relevant information requirements (IR).

Identify, map, and plan potential exploitation for key telecommunications networks. 

Analyze and characterize cyber systems and conduct analysis appropriate to the program, identify essential functions/tasks and critical assets necessary to perform them as determined by the program leader.

Contribute to developing cyber adversary courses of action (CoA). Develop courses of action that a cyber adversary might employ against customer personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains. Identify critical nodes/links or other targets and the effects of other environmental characteristics on course of action development.

Facilitate timely information management flow from DoD Red Team partner elements and other entities supporting DoD Red Team operations.

Support field assessments from a cyber adversary perspective.

Synthesize findings to support vulnerability identification, course of action development, protection studies, trend analyses, risk analysis, and mitigation strategies.

Develop a comprehensive understanding of the cyber implications of vulnerabilities discovered and fuse those findings with the systems analysis and determine impacts to the national and military missions they support.

Prepare activity reports including out briefs, senior leader briefs, and interim progress reports (IPRs) and briefs, white papers, after action reviews, final reports, risk analysis products, and other documents necessary to convey assessment findings to customers, partners, and other stakeholders.

Be able to explain network/system mechanisms to analysts and ground element in order to facilitate better analysis and operations.

Should have a diverse understanding of network and information security operations, network exploitation, and telecommunications.

Perform regular updates of existing documents based on changes in the Threat Landscape or upon discovery of new threat tactics or procedures.

Required Skills/Qualifications

DOD Level II IAT Certification or higher Certification demonstrating certified knowledge of Information Security Principles as it relates to administration of DoD networks and the cyber domain.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and visual means.

Ability to accurately and completely source all data used in products.

Ability to clearly articulate information requirements into well-formulated research questions.

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality products.

Ability to focus research efforts to meet the customers decision-making needs.

Ability to function effectively in a dynamic, fast-paced environment.

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts both internal and external to the organization to leverage analytical and technical expertise.

Ability to identify information gaps.

Ability to recognize and mitigate cognitive biases which may affect analysis.

Ability to think critically.

Ability to think like and emulate actions of threat actors.

An understanding of both the physical and digital aspects of communications systems.

Proficient in understanding, analyzing, and summarizing comprehensive and complex technical, contractual, and research information/data.

Demonstrated expertise performing information/data collection, analysis, and fusion.

Possess a current driver’s license.

Capable of operating a rental vehicle.

Active TS/SCI Clearance Required

US Citizenship Required

Desired Skills/Qualifications

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge of computer networking fundamentals (, basic computer components of a network, types of networks, etc.).

Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless).

Knowledge of cyber operations terminology/lexicon.

Knowledge of data communications terminology (, networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how to extract, analyze, and use metadata.

Knowledge of intelligence disciplines.

Knowledge of intelligence preparation of the environment and similar processes.

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions.

Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge of malware.

Knowledge of operations security.

Knowledge of organizational hierarchy and cyber decision-making processes.

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge of telecommunications fundamentals.

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge of the basics of network security (, encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of the common networking and routing protocols ( TCP/IP), services (, web, mail, DNS), and how they interact to provide network communications.

Knowledge of the ways in which targets or threats use the Internet.

Knowledge of threat and/or target systems.

Knowledge of virtualization products (VMware, Virtual PC).

Knowledge of what constitutes a threat to a network.

Understand and be well versed in common cyber threat terminology, vulnerability and penetration test principles and methodologies; possess basic knowledge of cyber incident and response forensics and related current events.

Familiarity with Log Analysis, Packet Analysis OSI Model, Network Architectures, NIST, DIA-CAP, RMF, and Information Operations, threat intelligence activities including the collection of and tracking threat actors, digital forensics incident response; and threat hunting methodologies.

Experience performing attack analysis or Red Team penetration testing against operational computer networks including experience in Windows Security, Network Security, Linux/Unix Security, Database security, or Mainframe Security.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.

---