Job Description

Cyber Threat Analyst

5 Year DoJ Contract | Chantilly, VA

Amatriot is seeking a Cyber Threat Analyst to support a Cyber Technical Analysis Unit in

analyzing cyber intrusion activity, digital communications, and host/network forensic artifacts in

support of DoJ mission operations. This role is focused on cyber threat analysis, intrusion

investigation, host-based forensic analysis, network traffic analysis, and attribution support

within a highly sensitive operational environment. The ideal candidate will possess experience

analyzing Splunk data, conducting host and network forensic analysis, and utilizing industrystandard

forensic and cyber analysis tools to identify malicious activity, recover artifacts, and

support investigative operations.

Responsibilities

• Process, evaluate, and analyze digital network communications and cyber threat data to

identify malicious activity and support investigative operations.

• Conduct cyber intrusion investigations and end-to-end kill chain analysis across host and

network environments.

• Perform host-based forensic analysis leveraging Splunk and standard forensic toolsets

to identify indicators of compromise, attacker activity, persistence mechanisms, and

unauthorized access.

• Analyze packet capture (PCAP) and NetFlow data to identify malicious communications,

software usage, command execution, credential activity, and network-based indicators of

compromise.

• Correlate digital artifacts including IP addresses, URLs, malware indicators, system logs,

and user activity across multiple data sources to support attribution and investigative

lead generation.

• Analyze encrypted and plaintext credentials, registry artifacts, rootkit activity, commandline

execution, and other system-level forensic evidence.

• Draft detailed technical reports and analytical findings based on cyber investigations

while participating in internal review and quality assurance processes.

• Support development and refinement of cyber analysis processes, CONOPS, SOPs,

and investigative methodologies.

• Conduct open-source and intelligence community research to maintain awareness of

emerging cyber threats, malware trends, and adversary tactics, techniques, and

procedures (TTPs).

• Collaborate with internal teams and mission partners across the intelligence community

to support tactical and strategic cyber operations.

• Provide operational updates and analytical findings to leadership and investigative

stakeholders.

Required Skills & Experience

• Active Top Secret Clearance required, with willingness and ability to obtain a Counter

Intelligence (CI) Polygraph.

• BS/BA degree with 5+ years of relevant experience or 9 years with no degree. Advanced

certifications, specialized training, or equivalent hands-on experience may be considered

in lieu of years of experience

• Experience performing host-based forensic analysis utilizing Splunk.

• Experience analyzing network traffic, packet capture (PCAP), and NetFlow data.

• Hands-on experience with industry-standard forensic tools such as:

o Splunk

o EnCase

o Magnet AXIOM

o X-Ways Forensics

• Understanding of cyber intrusion methodologies, attacker kill chains, malware behavior,

and forensic artifact analysis.

• Experience correlating threat indicators and investigative data to support attribution and

operational analysis.