Trace Systems

Returning Candidate?

J2 Cyber Intelligence Watch Officer

J2 Cyber Intelligence Watch Officer

Job ID 
# of Openings 
Job Locations 
US-MD-Fort Meade
Posted Date 
Information Technology

More information about this job


Trace Systems, headquartered in Tysons Corner, Virginia, was founded in 1999 to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide cybersecurity, intelligence, communications, networking and information technology services, systems, and solutions to the United States Department of Defense, Intelligence Community and Department of Homeland Security.


Job Title:  J2 Cyber Intelligence Watch Officer


Job Location:  Ft. Meade MD


Security Clearance:  TS/SCI

Job Responsibilities

  • The contractor shall produce predictive all-source intelligence bulletins and briefs related to assigned area of responsibility. These shall include specific changes in tactics, techniques and procedures (TTP) and technical trends in cyber threats directed at the DODIN and U.S. critical infrastructure/key resources (Cl/KR), as required.
  • The contractor shall provide source monitoring activities, cyber threat analysis and aid in the development of mitigation courses of action, provide the actionable intelligence used in DOD Asset protection, strategic cyber threat trending and situational awareness for leadership.
  • The contractor shall compile cyber threat data gathered through independent research and analysis along with Security Operations Center activity, and examining emerging technology, techniques and adversarial capabilities and tactics.
  • The contractor shall maintain situational awareness and conduct research of cyber activity and geo-political situations globally by reviewing open source and classified reporting for new vulnerabilities, malware, or other threats that have the potential to impact the DODIN. Ingest unstructured threat data from other JDOC battle stations with information from internal data sources, content from a commercial threat feed provider, and threat advisories reports/emails. Evaluate intelligence message traffic to further, and gain more tailored collection.
  • The contractor shall on a near real-time basis, analyze cyber threat Indications & Warning and fuse unclassified/open source cyber threat information correlating internal activity to external indicators across numerous boundaries.
  • The contractor shall aid in the development of metrics and to measure the effectiveness of practices and controls to mitigate threats and vulnerabilities; and develop dashboards that illustrate the effectiveness of risk mitigation over time. 
  • The contractor shall coordinate with intelligence community partners, related Law Enforcement (LE) & Counter Intelligence (CI) investigations and operations that cross DOD Component or Federal Department/ Agency bounds through the team Intelligence Watch Outreach shift team member.
  • The contractor shall respond to research requests from stakeholders within a 96 hour window. Once past the 96 hour window the Intelligence Watch Analyst will transfer analytic lead for assigned topic to a member of J2 back office (Intelligence Analysis & Production), and maintain a liaison relationship with the J2 back office till analysis on the topic is completed.
  • The contractor shall alert leadership and DODIN users to emerging threats, provide notifications to responsible personnel so they can proactively address emerging threats, support the development of a cyber operational picture, and provide intelligence product to support defense of the DODIN.
  • The contractors shall provide intelligence analytic support for computer network defense of incidents potentially located on JOA, CCMD networks, SCC networks, or Individual Agency AO’s through operational team members operating JDOC battle stations that support these entities.
  • The contractor shall produce daily intelligence update brief
  • The contractors shall provide Production of Threat Intelligence analysis and periodic articles to help keep management informed of ongoing threats. 
  • The contractors shall evaluate all intelligence message traffic used to inform customers, or in production.
  • The contractor shall provide tippers of potential HUMINT or Counterintelligence leads to JFHQ DODIN J2 for further action.
  • The contractor shall provide change management and update support to keep all Battle Station #5 SOPs and Checklists current
  • The contractor shall prepare and provide shift change brief
  • Perform other duties as requried

Minimum Qualifications

  • BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Analysis, Cyber Security, or another related field of study or equivalent 5+ years performing cyber threat intelligence analysis.
  • Intelligence all-source analysis; Defense Intelligence Analysis Program; intelligence writing and briefing at a senior level is a must.
  • Ability to place threats in the proper context and identify the "so what" for decision makers; ability to communicate technical information to non-technical audiences.
  • Provide cyber threat characterization and indications and warning of threats to the DoDIN.
  • Provide intelligence support and assessments to joint military cyber plans (e.g., Annex B, JPGs, OPTs, etc.).
  • Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask "why", defend your analysis, and apply attribution to cyber threat activity.
  • Technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection.
  • Prepare detailed analysis reports, products, cyber threat assessments, and briefings of security incidents and related intelligence. Establishes criteria and assesses potential impacts of intrusions.
  • Strong analytical and research skills with an extensive understanding of classified research tools and websites. Familiar with the DoD, Intelligence Community, and private sector cyber community. Strong understanding of the Intelligence Cycle. Ability to write detailed and comprehensive cyber intelligence analytical products in a team environment. Self-starter with the ability to engage with cyber intelligence analyst counterparts across the US Intelligence and cyber communities; lead and participate in working groups, conferences, etc.
  • Demonstrated application of intelligence analysis and tradecraft through writing and presentation ability. Writing samples may be required.
  • Ability to present analysis to large groups on a regular basis. Demonstrated expertise using various intelligence and cyber GOTS/COTS analytical tools: Analyst Notebook, Palantir, Intelink, TAC, M3, HOT-R, Sharkseer, SIEM, Pulse, iSpace, etc.
  • Demonstrated ability and flexibility to support planning and execution of military exercises involving cyber defense training objectives (Occasional surge/weekend hours and travel may be required). Strong working ability with all MS Office applications (Word, PowerPoint, Excel, Project, etc.)
  • Must be a US Citizen


Desired Qualifications

Demonstrated understanding of cyber advanced persistent threats, actors, infrastructure, and TTPs.

In-depth knowledge of cultural, social and political activities and threat conditions in foreign countries. Formal training as an intelligence analyst or officer - graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, AirForce, etc.

Experience applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity. Advanced Data Visualization proficiency leveraging COTS/GOTS tools.

Technical Skills proficiency: encryption technologies/standards. Cyber security with cloud technologies, Wireless, IoT, etc.

Existing knowledge of Advanced Persistent Threat activity. Understanding of defensive cyber operations to include incident response.

Experience with joint and combined military exercises. Analyst experience in any Federal Cyber Center (NCTOC, IC-SCC, Cyber Command, CNMF, CPT, JFHQ-Cyber, NCIJTF, DHS US CERT) or Corporate CIRT. A

ny type of cyber related law enforcement or counterintelligence experience. Recent experience performing NETFLOW or PCAP analysis using analysis tools (Wireshark, SourceFire, etc). Experience using ArcSight, FireEye, or other SIEM tools.


Hold one or more of the below certifications:

  • SANS: GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH)
  • (ISC)² Certified Information Systems Security Professional (CISSP)
  • CompTIA Advanced Security Practitioner (CASP)
  • CompTIA Security+, Network+
  • EC-Council Certified Ethical Hacker (CEH)



  • BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence Analysis, Cyber Security, or another related field of study or equivalent 5+ years performing cyber threat intelligence analysis.

Security Clearance

  • TS/SCI


To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading edge company where you can achieve great things while fostering a satisfying and rewarding career progression. Please apply directly through the website at:      #jointracesystems


For any additional questions or to submit any referrals, please contact

Trace Systems is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Connect With Us!

Not ready to apply? Connect with us for general consideration.