Mission:
Quantum Research is seeking an experienced
Cyber Defense Analyst As a member of the National Geospatial-Intelligence Agency (NGA) Defender Automation and Optimization team, the contractor strategically analyzes multi-source cyber intelligence, system vulnerabilities, and enterprise risk data to direct mitigation efforts, guide executive decision-making, and safeguard critical agency assets from emerging threats. This position is onsite (no remote/hybrid option) and available immediately in Springfield, VA.
Responsibilities:- Govern and evaluate systems across the agency, establishing and assigning authoritative threat scores based on complex, evolving risk criteria. Maintain the official methodology and documentation for the threat-scoring framework.
- Serve as a key analytical authority by reviewing and providing decisive, risk-based feedback on Committee on Foreign Investment in the United States (CFIUS) cases. Author formal, high-stakes written assessments identifying critical cyber risks for national security-level files.
- Direct weekly High-Risk Assessments outreach to program owners, identifying risks and non-compliant areas, and negotiating tailored remediation strategies to drive down the agency's overall risk posture.
- Facilitate the prioritization, tracking, and continuous threat monitoring of the agency's Top 10 mission-critical systems to ensure persistent visibility of high-consequence enclaves.
- Conduct proactive intelligence research into emerging cyber threats, tactics, techniques, and procedures (TTPs) that present a direct hazard to agency networks.
- Lead the preparation, aggregation, and timely delivery of the quarterly Cyber Risk Posture Report and its accompanying Executive Summary.
- Directly support the preparation for weekly briefings to the CISO and Deputy CISO, translating technical vulnerabilities and threat metrics into clear, actionable executive talking points.
- Extract, aggregate, and analyze threat and vulnerability metrics from enterprise databases and big data platforms to validate the integrity and quality of risk posture reporting, without requiring developer-level database administration or programming.
- Maintain and update progress, schedule milestones, and track suspense dates for all branch threat assessment activities in the team's Integrated Master Schedule.
- Support the continuous improvement and streamlining of the Risk Management Framework (RMF) process and associated compliance timelines by providing analytic feedback to shorten system authorization wait times.
- Collaborate with development and analytics teams to design and refine high-impact visual dashboards (e.g., in Tableau) that clearly illustrate threat levels and compliance gaps to stakeholders.
Requirements:- TS/SCI eligible, subject to CI Polygraph.
- Bachelor's in a relevant field such as Cybersecurity, Information Systems, Information Technology, Computer Science, etc plus at least three years of progressive cyber defense, threat analysis, or IT risk management experience.
- In lieu of degree, candidates may qualify with equivalent professional experience combined with one of the following baseline certifications: Security+, CEH (Practical), GMON, GRID, Cloud+, FITSP-O, GCED, GDSA, GSEC, or PenTest+.
- Deep knowledge of risk management processes, specifically assessment, mitigation, and documentation methodologies.
- Experience utilizing enterprise databases such as Palantir Foundry, Army Vantage/Army Data Platform, Databricks, Snowflake, Fabric etc and basic query techniques to extract and aggregate threat metrics.
- Thorough understanding of cybersecurity threats, vulnerabilities, threat vector characteristics, and threat-actor target behaviors.
- Familiarity with translating analysis requirements into functional designs for visualization platforms like Tableau, Microsoft Power BI, etc.
- Skill in translating complex technical data and cyber risk concepts clearly to all levels of management, including senior executives (CISO/Deputy CISO).
- Skill in extracting and analyzing large, incomplete, or complex datasets to compile finished, highly credible intelligence and risk posture reports.
- Ability to function effectively and adaptably in a dynamic, collaborative, and fast-paced environment.
- Skill in evaluating data source and information quality to mitigate cognitive biases or deception in threat analysis.
- Ability to think like a threat actor, anticipating adversary intent and methodologies.
- Ability to accurately and completely source all data used in assessments to guarantee analytical credibility for leadership decision-making.
#LI-JL1 #Onsite