Cyber Threat Emulation Analyst (Mid-Level) - (ICTEA071425.1)

Position Overview

Cimarron is seeking a mid-level Cyber Threat Emulation Analyst to support the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. This role can be located at either the Redstone Arsenal in Huntsville, AL or Schriever Space Force Base in Colorado Springs, CO and plays a crucial role in strengthening the cybersecurity posture of enterprise networks.

Key Responsibilities

• Perform Defensive Cyber Operations (DCO) and Cyber Security Service Provider (CSSP) tasks in alignment with Evaluator Scoring Metrics (ESM).
• Conduct proactive and reactive cybersecurity operations on customer networks to strengthen enterprise security.
• Analyze threat intelligence and vulnerability data to assess risks and enhance network defense.
• Develop, review, and maintain DCO procedures, processes, and supporting documentation.
• Evaluate the effectiveness of defense-in-depth architecture against known vulnerabilities.
• Produce vulnerability assessment reports and escalate findings as needed.
• Support enterprise-wide Incident Response in accordance with DoD regulations and guidance.
• Lead cyber event and incident investigations including data collection, analysis, and reporting.
• Contribute to Exploitation Analyst training by instructing, evaluating, and mentoring analysts of all levels.
• Review and implement tasking and fragmentary orders issued by Higher Headquarters (HHQ).
• Conduct Cyber Threat Emulation (CTE) activities using Automated Security Validation tools per HHQ directives.
• Execute adversary-based CTE engagements to evaluate detection, alerting, and network response.
• Develop custom dashboards and reports detailing engagement outcomes, vulnerabilities, and remediation recommendations.
• Draft and submit Cyber Tasking Orders (CTOs) to address issues identified during CTE actions.
• Partner with the Cyberspace Domain Awareness (CDA) team to create evaluation criteria aligned with HHQ inspections and industry standards.

Required Qualifications

• U.S. citizenship required due to facility security requirements.
• Must possess a valid, unexpired Real ID-compliant driver's license or state-issued identification card.
• Active Secret Clearance (or higher).
• 6+ years of full-time work experience.
• 4+ years of experience in manual or automated penetration testing, vulnerability assessment, cybersecurity frameworks, or incident response and enterprise-level monitoring.
• Current DoD 8570.01-M IAT Level II certification with continuing education (e.g., CySA+, GICSP, GSEC, Security+ CE, SSCP).
• Ability to obtain a PenTest+ Certification within 6 months of the start date.

Preferred Qualifications

• Current PenTest+ Certification.
• Active Top Secret Clearance.
• Experience with Cyber Threat Emulation tools, policies, and procedures.
• Experience operating custom software in a Linux environment.
• Experience with security analysis and solutions in WAN/LAN environments, including routers, switches, and network devices on Windows and Linux.
• Experience using Security Operations Center (SOC) or Defensive Cyber Operations (DCO) tools such as firewalls, IDS/IPS, and network security managers.
• Experience performing security compliance scans (ACAS/Nessus preferred).
• Background in configuration, troubleshooting, and deployment of host-based security solutions.
• Ability to mentor and train personnel in a dynamic, fast-paced environment.
• Familiarity with DoD Security Operations Centers (SOC) and associated cybersecurity service provider practices.
• Bachelor's degree (or higher) in Cybersecurity, Computer Science, or a related field.

Benefits & Perks

• Competitive Salaries that recognize your contributions.
• Health, dental, and vision insurance.
• 401(k) contributions.
• Educational reimbursement.
• Inclusive culture with company-wide communications, awards programs, and initiatives ensuring you feel like a valued member of the Cimarron family.