By Light Professional IT Services

Returning Candidate?

Cyber Intel Watch Officer - JDOC (TS/SCI)

Cyber Intel Watch Officer - JDOC (TS/SCI)

# of Openings 
Job Locations 
US-MD-Fort Meade
Posted Date 
Information Technology

More information about this job


By Light is hiring a Cyber Intel Watch Officer to join our team supporting the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN), in the J23 (JDOC). The Cyber Intel Watch Officer will produce predictive all-source intelligence bulletins and briefs related to assigned area of responsibility. These shall include specific changes in tactics, techniques and procedures (TTP), and technical trends in cyber threats directed at the DODIN and U.S. critical infrastructure/key resources (Cl/KR), as required. This position is a shift work position and could require you to work day shift, afternoons, or overnight, as well as weekends and holidays.


By Light is an IT products and services firm specializing in software development, satellite/terrestrial communications, cyber security, and network engineering/design. Headquartered in Arlington, VA, we provide support worldwide to DOD, Federal Civilian, and Health IT customers.


  • Provide source monitoring activities, cyber threat analysis and aid in the development of mitigation courses of action, provide the actionable intelligence used in DOD Asset protection, strategic cyber threat trending and situational awareness for leadership.
  • Compile cyber threat data gathered through independent research and analysis along with Security Operations Center activity, and examining emerging technology, techniques and adversarial capabilities and tactics.
  • Maintain situational awareness and conduct research of cyber activity and geo-political situations globally by reviewing open source and classified reporting for new vulnerabilities, malware, or other threats that have the potential to impact the DODIN. Ingest unstructured threat data from other JDOC battle stations with information from internal data sources, content from a commercial threat feed provider, and threat advisories reports/emails. Evaluate intelligence message traffic to further, and gain more tailored collection.
  • Analyze cyber threat indications & warning and fuse unclassified/open source cyber threat information correlating internal activity to external indicators across numerous boundaries.
  • Coordinate with intelligence community partners, related Law Enforcement (LE) & Counter Intelligence (CI) investigations and operations that cross DOD Component or Federal Department/ Agency bounds through the team Intelligence Watch Outreach shift team member.
  • Respond to research requests from stakeholders within a 96 hour window. Once past the 96 hour window the Intelligence Watch Analyst will transfer analytic lead for assigned topic to a member of J2 back office (Intelligence Analysis & Production), and maintain a liaison relationship with the J2 back office till analysis on the topic is completed.
  • Alert leadership and DODIN users to emerging threats, provide notifications to responsible personnel so they can proactively address emerging threats, support the development of a cyber operational picture, and provide intelligence product to support defense of the DODIN.
  • Provide intelligence analytic support for computer network defense of incidents potentially located on JOA, CCMD networks, SCC networks, or Individual Agency AO’s through operational team members operating JDOC battle stations that support these entities.
  • Produce daily intelligence update brief.

Required Experience/Qualifications

  • 2+ years performing cyber threat intelligence analysis.
  • Intelligence all-source analysis; Defense Intelligence Analysis Program; intelligence writing and briefing at a senior level is a must.
  • Ability to place threats in the proper context and identify the “so what” for decision makers; ability to communicate technical information to non-technical audiences.
  • Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask “why”, defend your analysis, and apply attribution to cyber threat activity.
  • Strong understanding of the Intelligence Cycle.
  • Ability to write detailed and comprehensive cyber intelligence analytical products in a team environment.
  • Strong working ability with all MS Office applications (Word, PowerPoint, Excel, Project, etc.).

Preferred Experience/Qualifications

  • Technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection.
  • Demonstrated expertise using various intelligence and cyber GOTS/COTS analytical tools: Analyst Notebook, Palantir, TAC, M3, HOTR, Sharkseer, SIEM, Pulse, iSpace, etc.
  • Demonstrated ability and flexibility to support planning and execution of military exercises involving cyber defense training objectives (Occasional surge/weekend hours and travel may be required).

Special Requirements/Security Clearance

  • Clearance: Active DOD TS/SCI
  • This position is a shift work position and could require you to work day shift, afternoons, or overnight, as well as weekends and holidays.


An Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities