The OTA Analyst conducts in-depth analysis of user activity data employing technical and non-technical disciplines to transform data into actionable information.
The primary area of responsibility for the analyst is to examine and analyze data, prioritize significant events for further investigation, correlate information with other information sources to establish context, and to compile noteworthy information into analytic reports for working groups and senior management.
Additionally, reviewing sensitive electronic and hard copy investigative and intelligence community reporting, collaborating with internal and external entities via working groups, conferences, or task forces, and preparing summary documents, briefings, assessments, graphical representations of data, and other written products are highly encouraged.
Investigative Analyst Role
The investigative analyst will perform user activity monitoring, analysis, and reporting, employing technical and non-technical disciplines to transform data into actionable information. The individual will be responsible for conducting in-depth analysis of user activity data and performing data acquisitions from live hosts located worldwide using various Windows and forensics tools, and ensuring chain of custody and control procedures. Detailed documentation of tasks performed is required to support active law enforcement investigations.
- Responsible for the analysis and reporting of technical and intelligence information to provide indications, analysis, and trends identified through behavioral analysis of data
- Perform assessments of malicious or suspicious activities to determine potential security risks
- Prepare comprehensive and detailed court-ready case documentation and written notes and reports regarding findings.
- Assist in the development of OTA program policies, processes, and procedures, provide user support, conduct group training sessions, and provide one-on-one tool training services to case agents and supporting personnel.
- Work location: Rosslyn, VA (full-time, on site)
Required: Basic Requirements
- 4+ Experience in behavioral, audit, security, and/or policy compliance analysis
- Ability to work well with and accept challenges in a fast-paced, dynamic, team-based environment
- Ability to write and execute SQL queries
- Experience with Splunk, EnCase, IBM SPSS platform using the Modeler module
- Proficiency in process automation using multiple scripting and development tools including, but not limited to: Shell scripting, PowerShell, Perl, Ruby, or Python
- Enterprise administrative support and deployment of multiple operating systems (e.g. Windows 2008, 2012, Linux)
- Experience in configuring and troubleshooting Windows servers
- Understand and utilize Active Directory Domain Services, DHCP, DNS, WINS, TCP/UDP Ports and Protocols
- Experience working in a virtualized environment (e.g. VMware)
- Possesses an understanding of networking fundamentals
- Possesses working knowledge of firewall administration
- Strong quantitative and analytic abilities to analyze and validate data
- Ability to demonstrate effective organizational and technical skills
- Detail-oriented with strong delivery performance (ability to meet deadlines and requests efficiently, multi-task and establish priorities)
- Ability to quickly learn and understand various company systems
- Proficiency with MS Office Suite products (Excel, Word, Outlook, Visio, PowerPoint, etc.) and Server
Desired Skills: Preferred but not required
- Knowledge of database systems (Oracle and MS SQL)
- Experience with Direct Attached Storage/SAN and RAID.
- Experience with hardware and input/output evaluation and optimization
- Experience with Dell hardware
- Working knowledge of information security and IT standards like ISO27002, NIST, ITIL, etc.
- Experience with designing and implementing data models to drive threat analysis
- Knowledge of cyber threat indicators
- Ability to prepare and present briefings
- Technical knowledge of Microsoft Operating Systems