INTELLIGENCE OPERATIONS SPECIALIST (CYBER)

Full Job Description

This position is part of the Defense Threat Reduction Agency, Defense Threat Reduction Agency.

The incumbent will be responsible for providing expertise in defensive counterintelligence cyber activities.

The experience described in your resume will be evaluated and screened from the Office of Personnel Management's (OPMs) basic qualifications requirements. See: i.e.

for positions with no IOR: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/0100/intelligence-series-0132/ for OPM qualification standards, competencies and specialized experience needed to perform the duties of the position as described in the MAJOR DUTIES and QUALIFICATIONS sections of this announcement by 02/16/2026 Applicant must have directly applicable experience that demonstrates the possession of the knowledge, skills, abilities and competencies necessary for immediate success in the position.

Qualifying experience may have been acquired in any public or private sector job, but will clearly demonstrate past experience in the application of the particular competencies/knowledge, skills and abilities necessary to successfully perform the duties of the position.

Such experience is typically in or directly related to the work of the position to be filled. You may qualify at the GG -13 , if you fulfill the following qualifications: A.

One year of specialized experience equivalent to the GG/GS-12 grade level in the Federal service as listed below: Conducting cyber threat hunting activities in support of defensive CI Cyber mission using tools and dataset as a credentialed CI agent.

Managing defensive CI activities in support of cybersecurity operations AND/OR plans and policies.

Conducting measures to detect, respond, and/or protect information systems and networks from foreign intelligence threats operating in cyberspace.

Applying digital forensics methodologies, tools and techniques used in data recovery, and/or preservation of electronic evidence in support of CI activities.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience. Major Duties:

As a INTELLIGENCE OPERATIONS SPECIALIST (CYBER) at the GG-0132-13 some of your typical work assignments may include: Conducts defensive Counterintelligence (CI) Cyber activities as delineated in DoD Directive 5240-2 and DoD Instruction S-5240.23 and in accordance with National Counterintelligence Executive (NCIX), DoD and DTRA published standards.

Conducts CI Cyber analysis CI Incident Assessments (CIIAs) and operations to detect, deter, and defeat foreign intelligence cyber threats against DTRA information, information systems, and personnel.

Routinely collects, analyzes, and disseminates information of value to DTRA, Combat Commanders, Law Enforcement, and the IC, answering information gaps for these customers.

Drafts, prepares, and reviews specific operations and intelligence reports. Routinely conducts research and analysis on matters of CI or security concern.

Identifies trends and conducts analysis on CI cyber threats and vulnerabilities. Periodically conducts CI and cyber threat assessments of DTRA and DoD facilities and programs worldwide.

Provides advice and recommendations, as needed, to improve security measures and protect critical information.

Independently plans, prepares and conducts CI and security briefings for DTRA personnel on related cyber matters.

Applies knowledge of foreign intelligence and security services (FISS) operations and terrorist modus operandi in formulating briefings and providing recommendations to senior department officials on cyber threats related to their programs.

Briefs top level agency officials about issues that could impact the agency's mission, planning or personnel.

Establishes and conducts regular liaison with members of law enforcement and intelligence communities to facilitate the exchange of cyber threat information and maintain contacts required to support the mission.

Represents DTRA and participates in intra- and inter-agency conferences and symposia.

Conducts cyber threat hunting activities in support of defensive CI Cyber mission using tools and datasets; including logging tools, network traffic analyzers, and various information systems logs.

Determines the CI involvement resulting from network intrusion events and coordinates with internal and external cyber and CI elements, routinely and as needed.

Works closely with cybersecurity entities within DTRA and its partners, such as Cyber Security Service Provider (CSSPs) teams, Information Assurance elements, and other cybersecurity groups to assess cyber-related incidents and threats for CI and foreign intelligence indicators.

Provides guidance and recommendations to DTRA IT to deter potential foreign cyber threats to DTRA information and information systems.

Extracts, interprets, and analyzes digital evidence from various information systems; including computers, mobile devices, and network assets, using forensic methodology in support of CI activities, assessments, operations, and support to national-level investigative agencies.

Supports DTRA Security and Cybersecurity elements in cases involving digital media, information, and network systems; and other cyber-related issues and incidents.

Examines and analyzes CI evidence and interprets scientific observations and data to render conclusions, form opinions and produce reports using a full range of electronic search methods and forensic examination techniques.