Principal Cybersecurity Analyst - Principal Cybersecurity Incident Response Lead - IT Division
Washington
Tuesday, 19 May 2026
Minimum Education: Bachelor's degree or equivalent experience.
Minimum Experience: 8 years.

Summary

Directs the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board's IT assets and ensure the Board's ability to conduct its mission. Utilizes cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated, defense-in-depth solution with a central security information and event management (SIEM) system and security orchestration tools. Develops an expert understanding of system architecture and the ability to identify security weaknesses that can be exploited to compromise a variety of systems used by the Board. Develops technical products and presents highly technical subjects to a variety of audiences ranging from non-technical senior leaders to highly technical subject matter experts. Directs collaboration with other cybersecurity professionals to develop and implement cybersecurity solutions that enable threat hunt activities. Independently provides technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.

Duties and Responsibilities

Directs and/or participates in implementing cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated defense-in-depth solution with a central security information and event management (SIEM) system and security orchestration tools. Directs the development of technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected. Able to oversee the characterization and management of complex risks to mitigate cyber threats.

Independently and proactively supports analysis of threat intelligence from a variety of sources to understand the nature of the threat, extract the information that informs threat hunt operations, and use that information to investigate Board IT assets for evidence of an intrusion or compromise. Independently emulates threat actor tactics, techniques, and procedures in a controlled and/or production environment to demonstrate and observe the technical aspects of the emulated activity. Oversees the development of adequate detection strategies and of mitigations as needed to address the specific details of the threat. Directs the development of programs that apply statistical models, mathematical principles, and other analytic tradecraft to a variety of IT network-generated data for the purposes of identifying anomalous activity and suspicious network activity, ultimately leading to the discovery of intrusions and/or compromises. Independently identifies and analyzes system-generated logs and captures forensic images of a variety of systems for the purposes of fully analyzing a cybersecurity intrusion and/or compromise. This includes the use of subject matter expertise to perform root cause analysis and to develop timelines showing the actions taken by a cyber threat actor in an environment. Directs the completion of all phases of the incident response process, including identification, containment, eradication, and remediation. Directs the implementation of vulnerability scans and ensures operational systems are adequately patched to protect the Board from potential cyber threat actors. Directs the analysis of vulnerabilities and proof-of-concept code as it becomes available to assess the technical implications of a given threat and ensure that the Board's defenses are sufficient. Maintains expert knowledge of ethical hacking principles and applies those skills to the management of vulnerabilities and the mitigation of technical risk.

Ensures that vulnerabilities are managed and patched according to Board policies and procedures. Directs the development of and/or develops data analytic software and cybersecurity scripts using a variety of programming and scripting languages to enable cybersecurity activities designed to defend the Board's IT assets. Leads the development of programs, software, and scripts that automate the cybersecurity process. Leads the development of data queries and scheduled jobs designed to correlate data for further analysis. Leads the integration of tools and systems for advanced analysis of relevant data. Independently manages cybersecurity projects focused on developing and instrumenting highly complex, new, and innovative approaches to detect, prevent, and respond to cybersecurity intrusions and/or compromises. Authors documents and oversees the execution of project plans, schedules, requirements, risks, assumptions, cost, performance, and resource utilization.

Position Requirements

FR-28 Minimal Qualifications. Requires a bachelor's degree in computer science, information technology, cybersecurity, or a related business technology field and eight years of experience. Must have expert knowledge in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies and procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION.

Must be able to direct one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating and resolving security breaches, technical writing, and communication.

Remarks

This Principal Cybersecurity Analyst is an individual contributor position responsible for leading the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board's IT assets and ensure the Board's ability to conduct its mission. The Principal Cybersecurity Analyst implements cyber incident response processes and procedures, contains and evicts cybersecurity intruders, and recovers the network after a confirmed cybersecurity incident. This includes triage of potential incidents, performing technical analysis to confirm incidents, and performing digital forensic investigations where appropriate. The Principal Cybersecurity Analyst will conduct operations in a hybrid environment consisting of a traditional datacenter footprint and a multi-cloud presence. The Principal Cybersecurity Analyst will perform coordination activities and will be expected to perform hands-on technical analysis of logs from servers, hosts, network appliances, and cloud infrastructure as needed, on a case-by-case basis. The Principal Cybersecurity Analyst will also be expected to engage with internal and external stakeholders, lead the incident response process, and mentor junior staff on cybersecurity practices. This position requires a TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION security clearance. Applicants are required to provide a writing sample of original work.

Highly Desirable:
- Expert knowledge in at least one of the following areas: cybersecurity operations, cyber threat analysis, intrusion detection and prevention, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, and/or automation.
- Ability to provide threat assessments, recommend cybersecurity technologies for intrusion detection and prevention, assess technical vulnerabilities, identify automation opportunities, and investigate and resolve security breaches.
- Experience using cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, data analysis platforms, a SIEM, and/or security orchestration tools.
- Experience with incident response tools and processes, including host forensics, network forensics, log analysis, timeline development, memory acquisition and analysis, image acquisition, etc.
- Experience analyzing threat intelligence from a variety of sources to understand the nature of a threat, extract the information that informs threat hunt operations, and use that information to investigate Board IT assets for evidence of an intrusion or compromise.
- Familiarity with relevant policies and procedures, and ability to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION.
- Demonstrated resourcefulness and advanced critical thinking skills to independently direct, analyze, and implement solutions for the various complex problems that arise in the administrative and operations area.
- Expert technical writing and communication skills. Contacts are often with division leadership, but also with staff at all levels; a significant degree of coordination and contact with other units/sections/divisions may also be required.
- Ability to construct clear and concise written work and to apply an increasingly advanced understanding of grammar, sentence structure, and intended audience(s) to the process of writing and editing such work.
- Ability to explain items of high complexity to cross-team or cross-divisional partners.
- Skills in negotiation and persuasion in performing duties and influencing support for change.

The expected salary range for this role is $144,500 - $275,400. Final offers are determined by experience and education, as well as internal and external factors. This position requires an onsite presence in Washington, D.C.