Cyber Fusion Analyst

About The Position

Requirements

• Bachelor’s Degree with 8+ yrs of experience or Master’s Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III: Must hold a certification such as CompTIA Security+, CASP+ CE, or CISSP.
• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (e.g., CEH, CySA+) or obtain within 180 days.
• Analytic Writing Mastery: Demonstrated ability to synthesize complex technical data into concise, non-technical executive briefings.
• Framework Proficiency: Expert understanding of the Cyber Kill Chain, Diamond Model, and MITRE ATT&CK.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

Nice To Haves

• Fusion Center Experience: Previous experience working within a government or large-scale commercial Cyber Fusion Center (CFC) or Joint Operations Center (JOC).
• Query & Scripting: Proficiency in SPL (Splunk) or KQL (Kusto) for data correlation; Python skills for automating intelligence ingestion and enrichment.
• OSINT & Commercial Portals: Experience utilizing tools like Recorded Future, VirusTotal, or Mandiant Advantage to pivot from external indicators to internal threats.
• Cloud Fusion: Familiarity with fusion analysis within AWS, Azure, or O365 environments, specifically correlating cloud-native audit logs.
• Adversary Emulation: Basic understanding of Red Teaming or Penetration Testing methodologies to better predict adversary movement.

Responsibilities

• Intelligence-Driven Defense: Synthesize external threat intelligence (TTPs, IOCs) with internal hunt telemetry to develop a comprehensive understanding of the adversary's impact on the enterprise.
• Fusion Analysis & Reporting: Author high-impact "Fusion Reports" that blend technical forensics with strategic intelligence to brief senior leadership on trending threats and operational risks.
• Advanced Correlation: Utilize SIEM and Threat Intelligence Platforms (TIP) to correlate global threat actor activity against internal sensor logs, identifying "low and slow" campaigns that span multiple mission sets.
• Adversary Campaign Tracking: Maintain a living "Adversary Encyclopedia" by mapping internal discoveries to the MITRE ATT&CK framework to identify systemic defensive gaps.
• Vulnerability-Intelligence Pairing: Analyze Vulnerability Disclosure Program (VDP) data alongside active threat reporting to prioritize patching efforts based on real-world exploitation trends.
• Tactical Countermeasure Influence: Provide data-backed recommendations to Engineering and DCO teams to adjust firewall rules, EDR policies, and SIEM logic based on emerging fusion findings.
• Indications & Warnings (I&W): Develop and refine custom analytics that provide "early warning" of adversary reconnaissance or pre-exploitation activity targeting the customer enterprise.
• Continuous Knowledge Management: Maintain the "Single Source of Truth" for threat data, ensuring that Hunt, Intel, and Engineering teams are operating from a synchronized set of prioritized threats.

Benefits

• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.