Cyber Security Analyst

Full Time
Merrifield, VA
Areas of Interest: All Source Intelligence, Threat Analysis
report a problem

OVERVIEW: phia LLC is seeking talented cyber security analyst candidates to support various Federal and DoD Security Operations Centers.

FOCUS: phia LLC is interested in connecting with individuals who have experience and skills which cover the following:

Threat Analysis and Intel:

  • Tracking indicators, tactics, tools, malware, infrastructure, exploits, and intelligence associated with Advanced Persistent Threats (APT)
  • Building and documenting profiles of APT groups and tracking changes over time (targeting, tactics, capabilities)
  • Analyzing data associated with APT and using that analysis to identify other activity through pivoting and link analysis
  • Create signatures (e.g. Yara) to monitor and identify indicators associated with APT to utilize in Virustotal (or other datasets) and in support of network defense and incident response efforts
  • Develop and document mitigation plans to combat new APT tactics based upon current trends

Security Monitoring and Network Analysis:

  • Monitor analytics, events, and alerts to identify threats through host, network, and event aggregation systems (e.g. Security information and event management (SIEM))
  • Prioritize alerts and perform initial triage of incidents through data collection and escalation to appropriate teams
  • Analyze packet captures, write Berkley Packet Filters (BPFs) and netflow records to identify anomalous or malicious activity
  • Ability to identify within packet captures layer 7 protocols and analyze them for malicious activity such as suspicious DNS request, HTTP/S user-agents and smtp message headers

Computer Network Defense:

  • Engineer, test, and deploy security technologies to monitor for malicious or anomalous activity
  • Develop, test, and deploy custom network or host signatures (Yara, IDS, etc)

Malware Analysis:

  • Perform detailed analysis of malware or associated tools utilizing industry standard software (e.g. IDA Pro) and document functionality in a technical report
  • Develop decoders and de-obfuscation tools which enable analysts to perform rapid triage of indicators
  • Develop custom signatures to detect analyzed threats (Yara, AV, IDS)

Incident Response and Forensic Analysis:

  • Utilize common industry tools to identify malicious activity (Encase/FTK, FireEye/Mandiant, Volatility, etc.)
  • Deep knowledge of Auto-Start Extensibility Points (ASEP) to include Powershell, WMI
  • Cross-platform knowledge (e.g. Windows and Linux)
  • Ability to create plans to eradicate and mitigate infected network and systems (recovery)
  • Collect associated indicators and recommend signatures or other methods to detect analyzed threats for any future incidents

Security Architecture:

  • Strong familiarity with security functionalities of Active Directory (e.g. Pass the Hash defenses)
  • Design, test, and deploy Security information and event management systems (e.g. Splunk, ArcSight)
  • Field and test new security technologies and create deployment plans
  • Deep understanding of common risk mitigation technology

Tool Development/Analytics:

  • Strong programming skills (Python desired)
  • Develop tools to automate and enable analysts to enhance speed of tracking, detecting, and responding to cyber threats
  • Develop logic and code for analytics against small and large datasets


(Penetration Testers, Cyberspace Analyst Level I, Cyberspace Fires (Targets) Analyst Level I and II, Cyberspace Joint Ops Planner Level I, II and III, Knowledge Management Specialist Level II, Malware Analyst Level III, Operations Research Analyst Level I, SharePoint Developer Level III, Systems Engineer Level II; Rapid Prototyping Developer; System Engineer; Security Information & Event Manager Engineer; Software Engineer)



  • Security Clearance (TS/SCI with polygraph highly desired)
  • Relevant work experience in cyber security
  • Strong communications and technical writing skills
  • Strong team player with the ability to conduct daily duties autonomously
  • Bachelor of Science or IT related field of study
  • Familiarity with SOC/NOC operations
  • Familiarity with Kill Chain for incident response
  • Experience using a variety of commercial security tools and products
  • Relevant technical certifications (CISSP, CEH, GCIH, etc.)

WORK SCHEDULE: Seeking for all Shifts

WORK LOCATION: Merrifield or McLean, VA


phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia offers excellent benefits to enhance the work-life balance, these include the following:
  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance

Share this job:

phia, LLC

phia, LLC is a Northern Virginia based, 8(a) certified small business established in 2011 focused on the Cybersecurity and Information Technology (IT) space. Functional areas include Cyber Intelligence, Cyber Defense (Detection & Prevention, Intrusion Analysis, Incident Handling/Response, Mitigation/Countermeasure Development and Execution, Forensic Media Analysis, Malware Analysis & Reverse Engineering), Cyber Architecture & Engineering, Cyber Capability Analysis, Cyber Policy & Strategy, Information Assurance, Compliance, Certification & Accreditation, Communications Security, and Personnel, Physical and Facilities Security. phia also provides cyber operations support functions such as Program Management, Process Management & Optimization, Software Development and Network & Systems Engineering and Administration. We provide support across the public (Defense, Intelligence and Federal Civilian) and private sectors.

Cybersecurity, Cyber Operations, Cyber Analysis, Intrusion Detection/Prevention, Incident Response, Information Assurance, Forensic Media Analysis, Malware Analysis & Reverse Engineering, Cyber Intelligence, Information Technology, Security Architecture
Visit phia, LLC's Social Media pages:
Company Industry: Computer & Network Security
Company Type: Privately Held
Company Size: 11 - 50