Cyber Threat Emulation & Analyst

Lackland Air Force Base, San Antonio, TX, USA Req #5591
Friday, August 25, 2023

STS Systems Support, LLC. (SSS) is seeking a Cyber Threat Emulation & Analyst

  • DoDD 8570.01‐M/8140.01 I AT Level III CND
  • Active TS/SCI
  • Five years' of penetration testing experience. BA/BS or MA/MS
  • Five (5) years of penetration testing experience.
  • Demonstrated advanced knowledge of cyber security operations with master of two or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT), insider), vulnerabilities, and exploits; incident response, investigations and remediation.
  • Experience with PowerShell, BASH or Python scripting/programming language.
  • Must have a strong understanding of Linux Operating System.
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)



  • Conduct both automated and manual enterprise vulnerability assessments, including conducting regular patch & configuration vulnerability assessments as directed by operational flight leads.
  • Conduct Cyber Threat Emulation operations, and coordinate with security teams to strengthen the overall security posture of the AFNet and AFIN various tools and capabilities.
  • Test for real‐time security vulnerabilities, conduct assessments, and assess vulnerability risk and impact.
  • Continuously develop and maintain safe and valid procedures to actively test Enterprise defensive measures. (CDRL A007 & A008)
  • Develop mitigations, policies, and procedures to coordinate with internal teams. (CDRL A007)
  • Work with incident response team to develop response policies and procedures.
  • Generate threat intelligence indicators during the course of Cyber Threat Emulation operations and provide reports back to operators. (CDRL A008)
  • Coordinate with internal and external intelligence teams in order to replicate threat actor (TA) Techniques, Tactics, and Procedures (TTPs).
  • Research & Evaluate threats and vulnerabilities to assist in the prioritization of remediation actions.
  • Utilize knowledge and understanding of the Cyber Threat Framework (ODNI) and production of Threat Emulation findings.
  • Utilize the MITRE ATT&CK framework to perform cyber security operations testing, and develop improvements based upon adversary behavior.
  • Formulate, lead and persuade individuals, large teams and communities on ideas, concepts, and opportunities.
  • Leverage research, frameworks, and best practices on the latest exploits and security trends and currency on industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
  • Provide information to operational leaderships tasking as required as it relates to CTE actions

Other details

  • Pay Type Salary
Location on Google Maps
  • Lackland Air Force Base, San Antonio, TX, USA