Posted today
Top Secret
Senior Level Career (10+ yrs experience)
Unspecified
IT - Security
Arlington, VA (On-Site/Office)
Threat Analyst (Indications & Warnings) – Splunk
Federal Strategic Cyber Programs | Bureau of Diplomatic Security Support
Location: Northern Virginia
Work Model: On-site (5 days per week)
Travel Requirement: Up to two weeks at a time, both domestic and international (approximately 10% overall travel)
Program Overview
This mission supports the Bureau of Diplomatic Security, Cyber and Technology Security Directorate, delivering integrated cyber operations across three critical functional areas:
Cyber Monitoring and Operations
Cyber Threat and Investigations
Technology Innovation and Engineering
The program provides technical, engineering, data analytics, cybersecurity, operational, and intelligence support to protect U.S. diplomatic systems, personnel, and global infrastructure.
Position Overview
ICS is seeking an experienced Threat Analyst (Indications & Warnings) with Splunk expertise to support high-impact Federal Strategic Cyber Programs. This role sits at the intersection of cyber intelligence, operations, and analytics, serving as a core member of the Indications and Warnings (I&W) team. You will track advanced threat actors, correlate intelligence with operational telemetry, and provide actionable insights that protect Department of State (DOS) systems, information, and personnel worldwide.
This is a mission-critical intelligence role for professionals who thrive in classified environments and operate effectively across cyber operations, intelligence fusion, and strategic threat analysis.
Key Responsibilities
Serve as a core member of the Indications & Warnings (I&W) team, supporting enterprise-level cyber threat monitoring and intelligence operations.
Leverage open-source, proprietary, vendor, and classified intelligence to track advanced persistent threat (APT) activity.
Perform pattern, trend, and behavioral analysis to identify malicious cyber activity targeting Department of State (DOS) systems, personnel, and infrastructure.
Maintain intelligence records and threat catalogs tracking malicious cyber activity across enterprise environments.
Identify Indicators of Compromise (IOCs) using Splunk SIEM and enterprise security telemetry.
Act as a key liaison with members of the U.S. Intelligence Community (IC).
Operate as the fusion analysis cell within the Cyber Threat Analysis Division (CTAD).
Correlate external threat intelligence with internal security events to identify patterns, vulnerabilities, and adversary campaigns.
Monitor geopolitical developments and emerging technologies to assess evolving cyber risk.
Provide intelligence briefings and presentations to technical, operational, and executive audiences.
Support attribution analysis, adversary profiling, and intelligence operations during active cyber incidents.
Contribute to post-incident reviews, lessons learned, and continuous improvement of threat detection capabilities.
Required Qualifications
Education & Experience
Bachelor’s degree with 9+ years of relevant experience, or
4 additional years of relevant experience substituted for the degree requirement.
Certifications
Must possess or obtain prior to start date one of the following:
CCNA-Security
CND
CySA+
GICSP
GSEC
Security+ CE
SSCP
Technical & Intelligence Expertise
Hands-on experience with Splunk SIEM.
Experience leveraging MITRE ATT&CK or other threat models:
Lockheed Martin Cyber Kill Chain
Diamond Model
Knowledge of APT tracking and threat actor lifecycle analysis.
Experience pivoting from IOCs to infrastructure discovery and campaign attribution.
Familiarity with modern threat detection platforms.
Knowledge of cloud security and threats targeting cloud environments.
Strong understanding of network protocols and systems.
Experience developing predictive threat models and recommending preemptive defensive measures.
Experience supporting active cyber incidents, including:
Attribution analysis
Adversary profiling
Intelligence support operations
Experience supporting post-incident analysis and capability improvement efforts.
Communication & Collaboration
Exceptional written and verbal communication skills, with the ability to:
Translate technical intelligence into actionable insights
Brief audiences ranging from analysts to executive leadership
Ability to operate independently and within multi-disciplinary intelligence teams.
Clearance, Citizenship & Travel
U.S. citizenship required
Active Top Secret clearance with SCI eligibility required
Active U.S. passport required
Must be able to travel internationally and domestically for up to two weeks at a time
Why Join ICS
At ICS, you’ll operate at the nexus of cyber intelligence, national security, and global mission support. This role offers the opportunity to directly defend U.S. diplomatic operations worldwide by identifying emerging threats, tracking advanced adversaries, and shaping strategic cyber defense through intelligence-driven operations.
You will work alongside intelligence professionals, cyber operators, and federal partners in a high-trust, high-impact mission environment where your analysis directly influences operational decisions and national security outcomes.