Data Exploiter (TS/SCI with Poly Required)

Database Analyst Advisor

A qualified Data Exploiter reviews, manipulates, triages, and analyzes large datasets and collections. Candidate is responsible for supporting operational and analytical requirements. Activities include detailed log analysis, network traffic monitoring, and vulnerability risk assessment. The individual will be expected to conduct assessments of software tools and systems to identify vulnerabilities, and work with internal and external technical stakeholders to identify solutions to enrich analysis. Able to follow the entire targeting life cycle by engaging in data exploitation of requirements collection, data analysis, summary and documentation, and actionable information dissemination.

KEY RESPONSIBILITIES

• Track and monitor cyber actors, their activities, and infrastructure to identify potential threats and vulnerabilities.
• Utilize industry-standard commercial and open-source tools for threat intelligence gathering and analysis.
• Conduct proactive threat hunting to uncover malicious activity, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs).
• Chain cyber threat events across multiple data sources to build coherent threat narratives and timelines.
• Analyze network traffic, logs, and endpoints to identify malicious behaviors and anomalous activities.
• Develop actionable intelligence reports and briefings for both technical and non-technical stakeholders.
• Collaborate with incident response, SOC, and other security teams to correlate findings and provide context.
• Maintain an understanding of emerging cyber threats and trends, adjusting hunting techniques accordingly.
• Communicate threat findings and intelligence through clear, concise briefings and visualizations

EDUCATION AND EXPERIENCE

• Bachelor's degree in computer science, information technology, or other related discipline, or equivalent combination of education, technical certifications, training, and work/military experience.

REQUIRED QUALIFICATIONS

• Strong knowledge of common cyber attack methodologies (e.g., MITRE ATT&CK, kill chain models).
• Strong knowledge of TCP/IP communications.
• Proficiency with commercial and open-source threat intelligence tools, such as:
• SIEM (e.g., Splunk, Elastic Stack)
• Network traffic analysis tools (e.g., Zeek, Suricata, Wireshark)
• Threat intelligence platforms (e.g., ThreatConnect, Anomali)
• OSINT tools (e.g., Maltego, Shodan, Censys)
• Endpoint detection and response (EDR) tools (e.g., CrowdStrike, Carbon Black)
• Malware analysis tools (e.g., VirusTotal, Hybrid Analysis)
• Strong analytical skills to identify patterns, anomalies, and relationships between cyber threat events.
• Ability to articulate complex technical findings in clear, accessible briefings and reports.
• Strong written and verbal communication skills, with an emphasis on briefing senior leadership and non-technical stakeholders.
• Experience in creating threat intelligence reports and providing actionable recommendations.

DESIRED QUALIFICATIONS

• Understanding of malware behaviors and basic reverse engineering concepts.
• Experience with automated threat hunting and scripting (e.g., Python, PowerShell).
• Familiarity with cloud environments (e.g., AWS, Azure) and associated cyber threats.
• Experience in a Security Operations Center (SOC) or Incident Response role.
• Experience extracting information of foreign intelligence, counterintelligence and targeting value from digital data.
• Experience producing products that inform operations, drive targeting and collection, contribute to intelligence products, and support multiple customer needs.

GDIT IS YOUR PLACE:

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays

Work Requirements