1-year non-reimbursable assignment
CISA
Threat Operations Analyst
Series Requested: 0132
Security Clearance: TS/SCI
Virtual/Remote: No Only current, full-time federal employees are eligible. Resumes are reviewed every 30 days until selection/closing date. This is a Detail, not a Developmental Rotation. Supervisory approval form must be signed.
Summary
1-year non-reimbursable assignment
CISA
Threat Operations Analyst
Series Requested: 0132
Security Clearance: TS/SCI
Virtual/Remote: No Only current, full-time federal employees are eligible. Resumes are reviewed every 30 days until selection/closing date. This is a Detail, not a Developmental Rotation. Supervisory approval form must be signed.
This detail opportunity is for current competitive and excepted service employees only. If
you are not a current federal civilian employee you will not be eligible for this position. DHS Joint Duty Assignments do not apply to members of the Military service or contractors.
The joint duty assignment will serve a role as an analyst on CISA's Cybersecurity Division (CSD)- Joint Cyber Defense Collaborative (JCDC) - Chief of Ops Office(COP) Analytical and Triage team. The analyst will participate on a team responsible for the initial triage and analysis of International, Federal, Industry, State Local Tribal Territorial partner shares of cyber information. Analysts will act as SMEs during technical exchanges with partners, for scoring of CSD and JCDC operational priorities based on available information, and for sharing back information that has been enriched from CISAs holdings.
Must have supervisory approval to apply to the Joint Duty Assignment. DHS 250-2 Application Form under "required documents" section.
Must NOT have any pending/outstanding disciplinary actions
Must have achieved a minimum of "meet expectations/proficiency" on latest performance appraisal/evaluation
Must be currently at the grade level of the detail. *No Temporary Promotion Opportunity*
The program does not apply to members of the Military service or contractors.
Qualifications
Qualifications required:
Access to a SCIF
Combined 7+ years' experience in any number of cybersecurity fields (preferably network, host, and intelligence analysis)
Strong network-based analysis and analytic discovery skills (e.g., knowledgeable about common network/security protocols [HTTP, SSL, SSH, DNS/secure DNS, etc.], including ability to identify normal vs. abnormal behavior)
Familiarity with host-based anomaly detection (e.g., have basic understanding of what normal process trees look like, vs. malware injection into a process, etc.)
Experience connecting open-source information with network and/or host-based anomalies (e.g., identifying cyber threat intelligence about suspicious processes, finding new insights through tools such as VirusTotal, understanding of how to find threat intelligence about malformed HTTP traffic, etc.)
Familiarity working with public/purchased Cyber Threat Intel (CTI) feeds/data (e.g., Crowdstrike reporting, GreyNoise, RecordedFuture, Palo Alto Xpanse, or others)
Excellent time-management skills with the ability to work in a collaborative team on a common project/event, as well as on your own.
Excellent mission documentation skills; familiarity with ServiceNow, Confluence, and JIRA is a plus.
Comfort to autonomously engage with others across the Agency/organization to obtain relevant information in support of unique mission needs.
Familiarity with Red Teaming / Cyber exploitation concepts (e.g., killchain, MITRE ATT&CK, common hacker tools such as Metasploit/Meterpreter, Kali linux, etc.)
Ability to code/script simple programs and functions in Python, bash, powershell, etc., to enable analytic triage and automation.
Familiarity with Amazon AWS/S3, Jupyter Notebooks, and experience using specific CTI APIs is a plus; fusing multiple mission-relevant data streams is a highly desired.
Broad familiarity with the tactics, techniques, procedures (TTPs) of nation-state and/or ransomware actors is desired; specialization in key nation-state intel a plus.
Excellent technical reasoning skills / considers analysis of competing hypothesis (ACH) / values quality over quantity / proactive & self-starting approach to work.
Please read the following important information to ensure we have everything we need to consider your application:
It is your responsibility to ensure that you submit appropriate documentation prior to the closing date. Your resume serves as the basis for qualification determinations and must highlight your most relevant and significant experience as it relates to this Joint Duty assignment opportunity announcement.
Be clear and specific when describing your work history since human resources cannot make assumptions regarding your experience. Your application will be rated based on your resume.
Please ensure EACH work history includes ALL of the following information:
Job Title (Include series and grade of Federal Job)
Duties (Be specific in describing your duties)
Name of Federal agency
Supervisor name, email, and phone number
Start and end dates including month and year (e.g. June 2007 to April 2008)
Education
EDUCATIONAL SUBSTITUTION: There is no educational substitution for this position.
Additional information
**DHS does not offer any additional benefits beyond that which the Federal employee is already receiving.
If the position requires a security clearance, employees must have a SECRET or TOP SECRET clearance to placement AND must maintain that level of clearance while performing in the position.
Selected applicants for a JDA are requested to fulfill the items below during the JDA:
Complete the DHS Training Course 15 days prior to the arrival to the JDA.
Complete the DHS Joint Duty Assignment Progress Plan to include:
Phase 1: Establish assignment objectives within the first 30 days of the JDA.
Phase 2: Complete a self-assessment of the duties performed at the mid-point of the JDA.
Phase 3: Complete a final review within the last 30 days of the JDA.
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
How you will be evaluated
You will be evaluated for this job based on how well you meet the qualifications above.
We will review your resume and supporting documentation to ensure you meet the basic qualification requirements. If you meet the minimum qualifications, your experience, education, and training will be rated using a job questionnaire based on the competencies or knowledge, skills, and abilities needed to perform this Joint Duty Assignment.
If you are among the best qualified, you may be referred to the hiring manager for consideration and may be called for an interview. After reviewing your resume and supporting documentation, a determination will be made. You must submit the supporting documents listed under the required documents section of this announcement.
Note: DHS continues to take necessary steps to keep our workforce safe amid the COVID-19 pandemic. If you receive a final Joint Duty Assignment offer to onboard, please complete the onboarding requirements and/or forms and submit them electronically in an expeditious manner. Your start date may be delayed if the action above is not completed.
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
1. Resume: Do not include any personally identifiable information (PII) i.e., home address, social security number, or date of birth. Your resume must clearly demonstrate you have experience which meets the requirements of this position as outlined in the "Qualifications" section.
2. SF-50: Submit a copy of your official SF-50 (no text version) or other official "Notification of Personnel Action" document which shows the following information:
Your appointment in the Federal service
Tenure
Grade and Step
Full performance level
If your SF-50(s) does not provide the information needed to make a final determination for qualification, you will be found ineligible for the position.
3. DHS Joint Duty Assignment Application Form signed by your supervisor. Please click on the following link to access the required form DHS Form 250-02.
All applicants are encouraged to apply online. To apply for this position, you must complete the questionnaire and submit the documentation specified in the Required Documents section. The complete application package must be submitted by 11:59 PM (ET) on 06/30/2025 to receive consideration.
To begin, click Apply Online to create a USA JOBS account or log in to your existing account. Follow the prompts to select your USA JOBS resume and other supporting documents, and complete the questionnaire.
Click Submit My Answers to submit your application package. NOTE: It is your responsibility to ensure your responses and appropriate documentation is submitted prior to the closing date.
To verify your application is complete, log into your USAJOBS account, https://my.usajobs.gov/Account/Login, select the Application Status link, and then select the more information link for this position. The Application page will display the status of your application, the documentation received and processed, and any correspondence the agency has sent related to this application. Your uploaded documents may take several hours to clear the virus scan process. To return to an incomplete application, log into your USAJOBS account and click Update Application in the vacancy announcement. You must re-select your resume and/or other documents from your USAJOBS account or your application will be incomplete.
Department of Homeland Security Headquarters
OCHCO/HRMS/MS #0170
6595 Springfield Center Drive
Springfield, VA 20598-0170
US
Next steps
Once you submit your application, we will assess your experience and training, identify the best qualified applicants, and refer those applications to the selecting official for further consideration and a possible interview. We will notify you by email at various stages in the process. Your status will also be updated on USAJOBS throughout the process. To check your status, log on to your USAJOBS account, click on "Application Status," and then click "More Information." We expect to make a final JDA offer within 90 days after the deadline for applications. If you are selected, we will conduct a suitability/security background investigation.
Telework: Telework eligibility is based on the needs of the office and is subject to change.
Additional information pertaining to your interest and availability for this position may be needed after the closing date of the Joint Duty Assignment vacancy announcement; therefore, a timely response to these requests must be adhered to in order to remain in consideration.
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.
1. Resume: Do not include any personally identifiable information (PII) i.e., home address, social security number, or date of birth. Your resume must clearly demonstrate you have experience which meets the requirements of this position as outlined in the "Qualifications" section.
2. SF-50: Submit a copy of your official SF-50 (no text version) or other official "Notification of Personnel Action" document which shows the following information:
Your appointment in the Federal service
Tenure
Grade and Step
Full performance level
If your SF-50(s) does not provide the information needed to make a final determination for qualification, you will be found ineligible for the position.
3. DHS Joint Duty Assignment Application Form signed by your supervisor. Please click on the following link to access the required form DHS Form 250-02.
All applicants are encouraged to apply online. To apply for this position, you must complete the questionnaire and submit the documentation specified in the Required Documents section. The complete application package must be submitted by 11:59 PM (ET) on 06/30/2025 to receive consideration.
To begin, click Apply Online to create a USA JOBS account or log in to your existing account. Follow the prompts to select your USA JOBS resume and other supporting documents, and complete the questionnaire.
Click Submit My Answers to submit your application package. NOTE: It is your responsibility to ensure your responses and appropriate documentation is submitted prior to the closing date.
To verify your application is complete, log into your USAJOBS account, https://my.usajobs.gov/Account/Login, select the Application Status link, and then select the more information link for this position. The Application page will display the status of your application, the documentation received and processed, and any correspondence the agency has sent related to this application. Your uploaded documents may take several hours to clear the virus scan process. To return to an incomplete application, log into your USAJOBS account and click Update Application in the vacancy announcement. You must re-select your resume and/or other documents from your USAJOBS account or your application will be incomplete.
Department of Homeland Security Headquarters
OCHCO/HRMS/MS #0170
6595 Springfield Center Drive
Springfield, VA 20598-0170
US
Next steps
Once you submit your application, we will assess your experience and training, identify the best qualified applicants, and refer those applications to the selecting official for further consideration and a possible interview. We will notify you by email at various stages in the process. Your status will also be updated on USAJOBS throughout the process. To check your status, log on to your USAJOBS account, click on "Application Status," and then click "More Information." We expect to make a final JDA offer within 90 days after the deadline for applications. If you are selected, we will conduct a suitability/security background investigation.
Telework: Telework eligibility is based on the needs of the office and is subject to change.
Additional information pertaining to your interest and availability for this position may be needed after the closing date of the Joint Duty Assignment vacancy announcement; therefore, a timely response to these requests must be adhered to in order to remain in consideration.
Fair and transparent
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.
