Signals Intelligence Analyst
Collects, processes, and analyzes signals intelligence from electronic emissions. Exploits SIGINT to identify threat capabilities, activities, and intentions in support of military operations.
“You'll analyze signals intelligence — intercepted electronic communications, radar emissions, and electronic signatures — to identify adversary capabilities, intentions, and locations. SIGINT analysis is at the core of the NSA mission, and the agency recruits 35N veterans consistently. Defense contractors supporting NSA and other IC agencies are a second pipeline. The TS/SCI clearance with SIGINT experience is one of the highest-value intelligence credentials in the post-military job market, with starting salaries in cleared contractor roles commonly starting at $90-110K.”
You analyze SIGINT — signals intelligence derived from communications and electronic emissions — and produce intelligence products that inform commander decisions and feed into national-level reporting. The analysis work is mentally demanding in the way that working with large volumes of raw intelligence always is: pattern recognition, language context (even in translation), technical signals analysis, connecting dots across reporting streams to produce assessments that are accurate without being more certain than the evidence supports. Your training gives you NSA-validated methodologies and access to collection that no civilian analyst has. The classification architecture around SIGINT means your clearance is not just TS/SCI but typically includes additional accesses that are genuinely rare and genuinely valuable in the cleared community. NSA, DIA, CIA, and the major defense contractors supporting these agencies are your natural post-service employers. The SIGINT analyst community is small enough to know each other and large enough to have real career ladders. The work is often sensitive enough that what you did stays classified long after you leave. You will be vague at dinner parties for the rest of your life and it will bother you less than you expect.
Execute the Job — By Rank
How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.
You are the junior Signals Intelligence analyst. You hold a TS/SCI with a polygraph and zero credibility — your job for the next 18-24 months is to earn the second one so the first one is worth carrying.
You came out of AIT at Goodfellow AFB, Texas — the joint cryptologic schoolhouse the Army, Air Force, Navy, and Marines share, with the 312th Training Squadron hosting and Army cadre teaching the 35N pipeline. The course is long (~25+ weeks of pipeline depending on follow-ons) and graded hard, because every chair you fill downstream is an NSA-tasked seat in the Service Cryptologic Component. You showed up to your first unit — most likely the 706th MI Group at Fort Eisenhower (formerly Fort Gordon, the Cyber Center of Excellence and home of ARCYBER), an INSCOM theater intel brigade (470th at JBSA-Fort Sam Houston, 500th at Schofield Barracks, 501st in Korea, 66th in Europe), the 780th MI Brigade at Fort Eisenhower for the cyber-SIGINT fusion line, or a Cyber Mission Force seat detached to NSA/CSS Fort Meade. The senior analyst on the team handed you a JWICS account, an NSANet account, a reading queue from the National Cryptologic School (NCS), and a Job Qualification Record (JQR) you have 12 months to start closing out. Most of your week is shadowing a certified analyst at a position you cannot drive alone yet, consuming on-the-job training, and grinding through the unglamorous part — SCI in-processing, polygraph re-scope paperwork, IAT-II prerequisite study, SAEDA / TARP / cyber-awareness ticklers, classified destruction logs under AR 380-5, and the OJT signoff book the senior NCO inspects every Friday.
- 01Operate inside an NSA-tasked SCIF to AR 380-5, AR 380-67, DoDM 5105.21, and ICD 705 standards — badge discipline, two-person integrity, no classified discussion outside spaces rated for it.
- 02Read SIGINT product traffic on JWICS and NSANet — COMINT, ELINT, FISINT — and write a one-paragraph BLUF a senior analyst can put in front of the watch chief without rewriting.
- 03Drive the basic analyst tooling on the cryptologic enterprise — query, pivot, plot, log every action, and never run on another analyst's credentials.
- 04Apply the analytic standards from ICD 203 (sourcing, confidence, alternative analysis) to anything you produce, even at the trainee level — and cite per ICD 206 every time.
- 05Sit a position under qualification — shadow the certified analyst, run the JQR / OJT book, ask the question before you press the key, not after.
- 06Pass IAT-II baseline (Security+ CE typical) per DoDM 8140 — the workforce qualification framework gates every position you are trying to qualify on.
- —ATP 2-22.6 — Signals Intelligence (the Army doctrine for the discipline; read it cover-to-cover your first quarter).
- —FM 2-0 — Intelligence; ADP 2-0 — Intelligence (the doctrine spine).
- —EO 12333 — US Intelligence Activities (the executive-order frame for everything you touch); DoDD 5240.01 — DoD Intelligence Activities.
- —USSID-series — United States Signals Intelligence Directives (the cryptologic enterprise rulebook; read the volumes your team certifies you on, do not freelance).
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — Threat Awareness and Reporting Program (TARP); AR 380-67 — Personnel Security.
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements; ICD 705 — SCIF standards; DoDM 5105.21 — SCI Administrative Security Manual.
- —STP 34-35N tasks signed off and JQR / OJT first-position qualification inside the published timeline — most teams expect first position-quals inside 12-18 months.
- —IAT-II baseline credential current per DoDM 8140 (Security+ CE typical); follow-on cryptologic-school seats at the National Cryptologic School (NCS) at Fort Meade as the unit slots them.
- —TS/SCI with the appropriate polygraph (CI poly minimum; FS poly for some compartmented work) maintained without a flag. One mishandling incident and the SSO pulls your access that afternoon.
- —ACFT 500+ floor — analytic work is sedentary by design; the Army standard does not move.
- —Annual SAEDA / TARP / cyber awareness / OPSEC / insider-threat / USSID-compliance training complete before the suspense. Your name on the brigade non-compliance roll is the wrong way to be noticed.
- —Taking a phone, smartwatch, fitness tracker, or any personal electronic into the SCIF. Even once. The Special Security Officer (SSO) pulls your access that afternoon and the CI investigation runs months.
- —Logging into a JWICS, SIPR, or NSANet terminal on another analyst's account because "they were right here." Account sharing is auditable; the audit closes your access permanently.
- —Talking shop in the hallway, the smoke pit, the gym, or the chow hall. Where you work, what you target, and who you support do not leave the SCIF — not even shorthand to your roommate.
- —Posting OPSEC-relevant content on social media — unit patch, "first day at Fort Meade," LinkedIn bullets that name programs or compartments. Foreign collection is real and your name goes in a file.
- —Pressing a key on a position you are not signed off on because "the senior analyst stepped out." Unqualified operator action gets the team's analytic authority pulled and ends your career before E-4.
The good cherry 35N is the PFC the senior analyst brings to the morning brief because the BLUF on his shadow product was right and the source line was clean to ICD 203 / 206. By month nine the JQR book is half done and IFPC is on the calendar; by month eighteen he is sitting an unsupervised position and the watch chief mentions him by name at the Service Cryptologic Element shift turnover. The warrant on the team has started asking him what he reads on his own time and which NCS course he wants next.
You are the workhorse analyst. The new privates copy how you build a SIGINT product; the senior NCO drops the hard target on your desk and expects it back clean before lunch.
You are JQR-qualified on at least one position under the joint NSA / USCYBERCOM / Service Cryptologic Component framework and you are reading toward the next. You sit a position unsupervised at a 706th MI Group analytic line at NSA/CSS Georgia, an INSCOM theater intel brigade desk, the 780th MI Brigade cyber-SIGINT fusion floor at Fort Eisenhower, a CMF team, or an NSA-co-located detail at Fort Meade. You drive the tools, build pattern-of-life products, run the RFI cycle with the supported tactical or theater customer, and write the section's input to the watch chief's INTSUM. You are also the Army-side junior leader on a joint floor — when the joint workforce confuses Army career counseling with Navy detailing or Air Force assignments, you are the one explaining how a DA 4187 actually moves and why the brigade enlisted-management cell, not the watch chief, owns your re-up.
- 01Run a qualified SIGINT analytic position end-to-end — traffic read, pattern-of-life construct, target development entry, RFI response — and log every action so the audit and the shift turnover both line up.
- 02Build a target packet that survives the supported staff's read — biographic, associative network, pattern-of-life over time and geography, sourcing per ICD 206, confidence per ICD 203, gaps named honestly.
- 03Apply the joint analytic and targeting cycle (JP 2-0, JP 3-60) inside the cryptologic enterprise on the specific products your team owes the supported command — not theoretically, by name.
- 04Drive cross-domain hygiene — JWICS, SIPR, NIPR, NSANet, GENSER, EKMS — without spillage. One spillage rolls up to Army CI and the SSO closes terminals for a week.
- 05Run an RFI dialogue with a theater intel brigade, an INSCOM element, a COCOM J2 SIGINT desk, or an NSA / CSS partner — phrase the answer so it survives the next echelon, and pull the senior analyst in when it should not be on your shoulders.
- 06Mentor the next cherry on JQR and OJT — the signoff you collect today becomes the signoff you sign for someone else inside 12 months.
- —ATP 2-22.6 — Signals Intelligence (own it, do not just refer to it).
- —FM 2-0 — Intelligence; ADP 2-0 — Intelligence; ATP 2-19.4 — BCT Intelligence Techniques (when you support tactical customers).
- —JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements; ICD 705 — SCIF Standards.
- —USSID-series — United States Signals Intelligence Directives (the directives governing your specific analytic line; team certifies, you read).
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Army Cybersecurity; DoDM 8140 — Cyberspace Workforce Qualification.
- —First JQR position qualification signed off; second position under JQR or in trainer.
- —IFPC (Intelligence Fundamentals Professional Certification) attempted and ideally passed; NCS course catalog seats taken as slots open.
- —IAT-II current per DoDM 8140; IAT-III in motion if the position requires it (CASP+, CISSP-Associate, or platform-specific equivalents).
- —BLC graduate; promotion points stacked with NCS / Foundry seats, credentials, college credit (CLEP/DSST/TA), correspondence.
- —ACFT 540+ floor — the cryptologic floor does not bend because your duty station is a SCIF. Source-citation discipline 100% — the SSO inspects and ICD 203/206 grade above the brigade.
- —Running on a position you are not currently qualified on because "I did it last rotation." JQR currency lapses are auditable; the team's analytic authority and your access both pay.
- —Pushing a confidence level the traffic does not support because the supported command wants it. "Likely" becomes "high confidence" and a real decision gets made on it — ICD 203 dissent procedures exist for a reason.
- —Plagiarizing a higher-echelon assessment into your slide without source citation. The next echelon up reads it, the SSO finds it, the credibility never comes back.
- —Letting the IAT-II credential lapse. The DoDM 8140 audit pulls you off position the day it expires and the team is short an analyst until you re-test.
- —Taking SCI-derived analysis to the SIPR or unclassified side without proper tear-line / sanitization procedures per USSID guidance. One spillage is a CI investigation that lasts longer than your enlistment.
The good Specialist 35N is the analyst the senior NCO hands the hardest target on Monday because it will come back clean, sourced, and ready by Wednesday. He has IFPC on the wall, an NCS course in his folder, an IAT-III voucher in motion, and the watch chief mentions his name at SCE shift turnover. He also gets the platoon's Army-internal paperwork done on time — promotion points, NCOER input, DLC modules — which separates a qualified analyst from a Specialist hiding from the Army side of the house.
You are an NCO now and a qualified SIGINT analyst with a vote on the floor. The privates do their counselings off your statements; the senior NCO briefs the watch chief and the supported command off products you signed for.
You lead a 3-5 soldier Army-side analytic element — a watch shift, a country or target desk, a SIGINT cell inside a BCT MICO or an INSCOM theater intel brigade, or a section on a Cyber Mission Force team at Fort Meade or Fort Eisenhower. You are dual-billeted in a way the Army does not always explain well — you have a cryptologic position at NSA / USCYBERCOM and an Army NCO seat, and you are accountable to both. You counsel your soldiers on the 14th and after every product event. You write the section's input to the watch chief's shift turnover and the brigade INTSUM. You sit at the team huddle, you defend confidence levels under questioning from a supported O-3 or O-4, and you are the senior Army NCO on the floor when the SSG NCOIC is at sick call or in ALC. You will also still be at the position — the moment you stop reading raw traffic is the moment you stop being credible to the analyst sitting next to you.
- 01Run a SIGINT watch or analytic element as the lead Army NCO — INTSUM build, threat warning push, RFI triage, escalation chain to the senior analyst and watch chief inside published timelines.
- 02Drive at least two JQR-qualified positions to current standard; lead the OJT / JQR signoff for soldiers underneath you to the same standard you were held to.
- 03Lead a target-development cycle from PIR / EEI through nomination inside the joint targeting cycle (JP 3-60) — USSID-compliant, ICD 203 / 206 graded, audit-defensible.
- 04Write the DA 4856 counseling that documents both the technical mistake and the development plan — Plan of Action specific, measurable, signed before the soldier leaves the room.
- 05Run the Army-internal piece for a joint workforce — promotion packets, DA 4187s, NCS / Foundry slot management, retention bonuses, family-readiness — without making the soldier go find HRC themselves.
- 06Operate the cross-MOS interface honestly — 35N sits next to 35F (all-source), 35G (GEOINT/imagery), 35P (cryptologic linguist), 35Q (cryptologic network warfare), 35S (signals collection), 35T (MI systems maintainer), and 17C (cyber operations). Know what each does so you do not embarrass the team claiming someone else's lane.
- —ATP 2-22.6 — Signals Intelligence (own it cover-to-cover at this rank).
- —FM 2-0 — Intelligence; ATP 2-19.4 — BCT Intelligence Techniques.
- —JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
- —ICD 203 / 206 — Analytic Standards / Sourcing; ICD 705 — SCIF Standards.
- —USSID-series — the directives governing your specific analytic line and target set; team certifies, you teach the soldiers under you.
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Army Cybersecurity; AR 623-3 — Evaluation Reporting; DoDM 8140 — Cyberspace Workforce Qualification.
- —Two or more JQR position qualifications current; IAT-II in hand, IAT-III in motion if the position requires it.
- —BLC graduate; ALC slot built and ready when the schedule drops. IFPC complete; NCS mid-career catalog seats taken as offered.
- —ACFT 560+ as a floor — your soldiers do not respect an NCO who skates on the test they are graded on, joint workforce or not.
- —Section product quality measurable — JQR pipeline velocity, IAT-credential currency, RFI rework rate, INTSUM accuracy — and trending the right way under your tenure.
- —Promotion points stacked: NCS / Foundry seats, credentials (Sec+, CASP+, CYSA+, CCNA depending on position), college credit, correspondence (DLC).
- —Signing off a JQR on a soldier you have not actually watched at the position. The audit finds it, the watch chief finds it, and the team's training authority gets pulled.
- —Counseling verbally. If the SPC's currency lapse or sourcing-discipline slip is not on paper, the senior rater cannot defend you and the SSG NCOIC cannot help you.
- —Skipping the SAEDA / TARP / insider-threat report on an indicator you saw — foreign contact, unreported travel, financial distress, behavioral change. AR 381-12 is not optional; the SSO will hear it from someone else first if not from you.
- —Letting an RFI rot. Every RFI not closed inside the published timeline is a senior commander somewhere making a decision without your analytic input.
- —Confusing the watch chief or supported O-4 with your Army NCO chain. The NSA civilian senior cannot write your NCOER and cannot defend you at the brigade enlisted-management cell.
The good SGT 35N is the analyst the watch chief trusts with the supported O-4's brief on a Saturday. His element's products survive the next echelon's read; his soldiers are picking up second and third JQR positions on schedule; his SPCs are on the SGT-board slate when their time comes. The team's warrant officer or the NSA civilian senior knows his name. He is also the NCO who turned in his platoon's NCOER input on time without the 1SG asking — which separates a credible joint-workforce NCO from one who is hiding from the Army side of the house.
You are the section NCOIC — the senior Army SIGINT analyst on a CMF team, a 706th MI Group analytic line, an INSCOM theater intel brigade desk, or the 780th MI Brigade cyber-SIGINT floor. The team chief or watch chief runs the mission; you run the analysts and the JQR / IAT / NCOER readiness picture.
You own a 6-12 soldier Army-side section or platoon-equivalent of analysts. You write the section's input to the brigade QTB. You sign for SCIF accreditation tasks under ICD 705, IT compliance tasks under DoDM 8140, and the JQR pipeline under the Service Cryptologic Component framework. You build two SGTs into ALC-graduate, SLC-ready NCOs. You sit at the brigade enlisted-management table and at the joint team's leadership huddle. You will brief the team chief, the supporting MI battalion S3, or a supported O-6 on section readiness at least once a quarter, and you will defend the analytic confidence line to a colonel or an NSA civilian senior who wants a different answer.
- 01Run an Army-side SIGINT section through a CMF readiness cycle, a CTC rotation in support of a BCT, an INSCOM operational tempo, or a real-world contingency — without losing JQR currency or the products.
- 02Defend the section's analytic line to the team chief, the MI battalion S3, the brigade S2 OIC, or the supported commander — say "we do not assess that" when the room wants a different answer, and back it up under ICD 203.
- 03Build a six-month training plan that produces one NCS-instructor-qualified NCO, two ICD-203-compliant analytic writers, and three certified analysts on the section's second-most-demanded position.
- 04Run the unit's NCS / Foundry / cryptologic-school slot program — slot management, prerequisite tracking, post-course JQR follow-through. Seats wasted are the SSG's on the next inspection.
- 05Mentor SGTs on NCOER writing, board prep, the warrant-officer (350F All-Source Intel Technician — verify against the current career map) packet, and the broader cryptologic-enterprise civilian pipeline.
- 06Translate SIGINT uncertainty into a recommendation a supported commander can act on without losing the uncertainty in translation.
- —ATP 2-22.6 — Signals Intelligence; FM 2-0 — Intelligence; ATP 2-19.4 — BCT Intelligence Techniques.
- —JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting; JP 2-01 — Joint and National Intelligence Support to Military Operations.
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing; ICD 705 — SCIF Accreditation.
- —USSID-series — the directives governing the section's target set; you teach them now, not just consume them.
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Army Cybersecurity; AR 380-67 — Personnel Security.
- —AR 623-3 — Evaluation Reporting; AR 600-8-19 — Enlisted Promotions; DoDM 8140 — Cyberspace Workforce Qualification.
- —ALC graduate; SLC packet built; consider an NCS instructor-qualified seat or the Strategic Intelligence Course on the record brief as the differentiator.
- —Three or more JQR position qualifications across your career; IAT-III in hand (CASP+, CISSP, or position-equivalent).
- —Section JQR pipeline velocity at or above the team's average; IAT-credential currency rate at or above 95%; zero analytic-product retractions in your tenure.
- —NCOER bullets on the official achievement list — action-result-impact, measurable, no "demonstrated exceptional cryptologic analytic performance" filler.
- —Section ACFT pass rate at or above brigade average — the cryptologic guys do not get to skip the test.
- —Letting a junior analyst push a product to the supported command without your sign-off when the SOP requires senior-analyst review. You signed for the section; you own every product that leaves the floor.
- —Writing an NCOER as a wish-list. Senior raters at the MI brigade and INSCOM read every 35N NCOER and remember the SSG who inflated the SGT who could not source a target packet.
- —Confusing tactical / brigade-level analysis with strategic / IC-level analysis. The skills overlap; the standards do not. Be honest about which one your section is producing for whom.
- —Bypassing the SSO on a physical-security, IT-compliance, or PERSEC finding. The SSO outranks you on SCIF and AR 380-67 compliance, and the report rolls up the chain you cannot influence.
- —Letting the warrant-officer-track (350F — verify the current career map) and NSA-civilian-track conversation be transactional. The technician and IC-civilian paths are among the most consequential moves in this MOS — mentor them like it is.
The good SSG 35N runs a section the watch chief names in the SCE turnover and the MI battalion CDR names in the brigade slide. His SGTs are SLC-board ready. His section's products survive the next echelon's read and the supported COCOM J2 SIGINT desk actually uses them. His soldiers re-enlist with credentials the cleared contractor across the SCIF is bidding on, or they walk into an NSA-civilian seat (GS-9 to GS-13 ladder), a Booz / Leidos / SAIC / CACI / MITRE billet at Fort Meade / Fort Eisenhower / Tampa / NoVA, or a federal civilian role with a clean clearance and a JQR jacket that translates. He has the warrant / NSA-civilian / IC-contractor conversation honestly before each soldier's next re-enlistment window closes.
You are the senior Army SIGINT NCO in a Military Intelligence Company, a battalion S3 cell, a brigade S2 NCOIC seat, or a CMF operational element. At SFC the 35-series career map converts to 35Z (Senior MI NCO) — verify against the current HRC / DA PAM 611-21 message before you commit to anything in writing. The MI battalion CDR briefs the brigade CDR off the readiness picture you produced; the team chief at NSA briefs the supported COCOM off products your element signed for.
You run the platoon's or element's entire enlisted SIGINT workforce — training, evaluations, schools, the NCS / Foundry / cryptologic-school pipeline, the IAT-II/III credential pipeline, NSA / USCYBERCOM detail assignments, retention, polygraph re-scope tracking, and discipline. You build the MI company commander or the team chief into the next echelon. You write four-to-five NCOERs per cycle that pick the next SSG / SFC slate across the brigade's SIGINT workforce. You walk the floor during operational tempo — the brigade CDR, the brigade S2 SGM, the team chief, and the NSA civilian senior all rely on your read of the analytic readiness. You will also still be the senior analytic voice on a hard problem the team chief or the supported commander wants a second opinion on — the day you stop reading raw traffic is the day you become a brochure.
- 01Run a CMF team's enlisted readiness picture, or an MI company SIGINT platoon through a contested operational tempo and a real-world contingency, back-to-back, without losing the products or the soldiers.
- 02Build the brigade or team's enlisted SIGINT training plan — NCS slot allocation, Foundry seats, ALC/SLC sequencing, IAT-II/III certification pipeline, language-program coordination where applicable — and defend it at the brigade QTB or team-chief huddle.
- 03Mentor a warrant-officer (350F or sister technician — verify against the current career map) packet, an NSA-civilian crossover, or a 17A Cyber Warfare Officer commissioning packet through preparation, application, and board sequencing.
- 04Operate as senior SIGINT NCO on a COCOM J2 SIGINT desk, a JTF, an INSCOM detachment (1st IO Command at Fort Belvoir, the 470th / 500th / 501st / 66th theater intel brigades, the 780th MI Brigade / 781st / 782nd MI Battalions at Fort Eisenhower), or an NSA / CSS-co-located detail at Fort Meade — speak the language of the supported staff, not just the home one.
- 05Run an internal SCIF accreditation cycle (ICD 705), an AR 380-67 personnel-security cycle, and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
- 06Brief enlisted readiness, JQR pipeline, and credential-currency at the brigade CSM, team-chief, or COCOM SEA level in language the senior can defend at the next higher echelon.
- —ATP 2-22.6 — Signals Intelligence; FM 2-0 — Intelligence; ATP 2-19.4 — BCT Intelligence Techniques (you teach these now).
- —JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting; JP 2-01 — Joint and National Intelligence Support to Military Operations.
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing; ICD 705 — SCIF Accreditation.
- —USSID-series — the directives governing the platoon's target set; you certify soldiers on them and own the compliance audit.
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 380-67 — Personnel Security; AR 25-2 — Army Cybersecurity.
- —DoDM 8140 — Cyberspace Workforce Qualification; DoDM 5105.21 — SCI Administrative Security; DoDD 5240.01 — DoD Intelligence Activities; EO 12333.
- —SLC graduate; MLC packet built — required for E-8 board competitiveness. 35Z conversion at SFC (verify against current HRC SELCONT and DA PAM 611-21).
- —Three-plus JQR position qualifications across your career; senior IAT-III credential current (CASP+, CISSP, or equivalent).
- —Platoon / element JQR pipeline at or above the brigade or team's average; IAT-credential currency at or above 95%; zero unresolved CAT-1 SCIF accreditation or DoDM 8140 audit findings during your tenure.
- —Warrant-officer / 17A / NSA-civilian accession pipeline producing 1+ selected candidate per year out of your platoon when the talent is there.
- —NCOER profile defensible at brigade, division, INSCOM, ARCYBER, and team-chief level — the rated NCOs you raised are getting selected on the next slate.
- —Letting one team or section drift because the SSG NCOIC is "your guy." The DoDM 8140 audit finds it first, the SSO finds it second, the brigade CSM finds it third.
- —Briefing a confidence level or a readiness picture you cannot defend at the next echelon up. Theater intel brigades, INSCOM, ARCYBER, and NSA leadership read brigade products; they remember who wrote what.
- —Confusing tactical / Army-internal experience with strategic / IC-level / joint-force competence. The brigade and the team chief need both; senior NCOs who fake the second are exposed the first time they brief a J2 or an NSA civilian senior.
- —Skipping the family-readiness piece because "the spouses run that." Cryptologic deployment tempo, polygraph reinvestigation stress, and irregular shift work are real loads on families, and you sign the readiness report on it.
- —Going around the brigade S2 OIC or the MI battalion CDR to a higher echelon. The CSM's door closes; the slate gets read out at the next CSM conference.
The good SFC 35N is the senior SIGINT NCO the brigade CSM, the MI battalion CDR, and the team chief at NSA / CSS all trust to run the element's readiness through a contested operational tempo and a real-world contingency without surprises. His warrant-officer-track, 17A, and NSA-civilian pipelines produce accessions; his platoon's NCOERs pick the next SSG-board slate; his SGTs are on the SLC slot list. He is on the short list for First Sergeant of an MI company before he sits MLC, and the supported COCOM's J2 enlisted senior knows his name. Pull the current HRC SELCONT and SRB MILPER when you sit down to plan the next three years — the figures move and the broadening windows close fast.
You are the senior enlisted SIGINT / MI voice on a Military Intelligence company, a CMF element, the 706th MI Group, the 780th MI Brigade, an INSCOM theater intel brigade, INSCOM HQ at Fort Belvoir, ARCYBER staff at Fort Eisenhower, or an NSA / CSS enlisted advisory seat at Fort Meade. The brigade CDR, the team chief, the INSCOM CG, or the supported COCOM SEA names you in the slide.
As 1SG you run an MI company — 90-130 analysts, linguists, signals soldiers, the SCIF footprint, the orderly room, the supply room, the security clearances, the polygraph re-scope tracker, and the readiness reporting. As SGM/CSM on the 706th MI Group, the 780th MI Brigade, a theater intel brigade (470th / 500th / 501st / 66th), 1st IO Command, INSCOM HQ, ARCYBER staff, an NSA / CSS-co-located detail, or a CMF element, you set the standard for the enlisted SIGINT / MI workforce at scale — JQR currency, IAT-II/III certification, NCS pipeline, the warrant-officer-track and 17A commissioning pipeline, language-program governance where applicable, command climate inside a closed-access workforce that runs odd hours in a SCIF. You sit in the cryptologic-strategy and intel-strategy conversations alongside O-5s, O-6s, GS-15s, and senior NSA civilians; you advise on enlisted talent slate at echelons above brigade.
- 01Run an MI company, brigade, or team enlisted readiness picture — JQR currency, IAT-II/III, language proficiency (DLPT) where applicable, polygraph re-scope tracker, NCS / Foundry / cryptologic-school pipeline — and defend it at the brigade CDR, INSCOM CG, ARCYBER CG, or team-chief level.
- 02Mentor a warrant-officer-technician slate, a 17A Cyber Warfare Officer commissioning slate, and an NSA-civilian-crossover pipeline at brigade or higher-staff level.
- 03Brief the brigade CDR, theater intel brigade, INSCOM, ARCYBER, NSA / CSS leadership, or supported COCOM senior enlisted advisor on enlisted SIGINT / MI readiness in language the senior can defend at the next higher echelon.
- 04Run a SCIF accreditation cycle (ICD 705), an AR 380-67 personnel-security cycle, and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
- 05Translate the Army Intelligence Enterprise / INSCOM / ARCYBER / Cyber Mission Force / NSA-CSS strategy into enlisted-talent decisions at the unit — slots, schools, assignments, retention bonuses, polygraph re-scope sequencing, broadening tours (NSA / CSS rotation at Fort Meade, COCOM J2 SIGINT desk, 780th MI BDE cyber-SIGINT integration).
- 06Run a casualty notification, PERSEC compromise response, CI compromise response, or insider-threat referral inside a closed-access workforce with the dignity and discretion the population and the mission require.
- —AR 600-20 — Army Command Policy; AR 27-10 — Military Justice (you are in the room).
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 380-67 — Personnel Security; AR 25-2 — Army Cybersecurity.
- —ICD 705 — SCIF Accreditation; ICD 203 / 206 — Analytic Standards / Sourcing (you teach these now).
- —JP 2-0 — Joint Intelligence; JP 2-01 — Joint and National Intelligence Support; JP 3-60 — Joint Targeting; INSCOM / ARCYBER FRAGOs and ALARACTs.
- —DoDM 8140 — Cyberspace Workforce Qualification; DoDM 5105.21 — SCI Administrative Security Manual; DoDD 5240.01 — DoD Intelligence Activities; EO 12333.
- —The 1SG Course / USASMA / SGM-A reading list (Fort Bliss) — you are expected to teach doctrine and translate strategy down.
- —USASMA / SGM-A completion before competing for command CSM slate.
- —Brigade or higher-staff SCIF accreditation, AR 380-67 personnel-security audit, and DoDM 8140 workforce-qualification passes without senior-NCO-attributable CAT-1 findings during your tenure.
- —Warrant-officer-technician, 17A, and NSA-civilian-crossover pipeline producing 1+ selected candidate per year from your unit when the talent is there.
- —NCOER profile the senior rater can defend at brigade, division, INSCOM, ARCYBER, and team-chief level — your rated NCOs are picking up 1SG and SGM chevrons on schedule.
- —Zero senior-NCO-level integrity, financial, fraternization, OPSEC, polygraph-falsification, or CI incidents. One ends the career permanently — and at this rank, in this MOS, it also threatens the clearance of every soldier you mentored.
- —Pretending to be the senior analytic voice on a target set you have been off of for years. Senior SIGINT NCOs lose authority by faking depth — the warrants, the GS-13 analysts, and the supported J2 staff will catch you the first week.
- —Letting a 1SG-led company drift on SCIF accreditation, DoDM 8140 workforce qualification, AR 380-67 reinvestigation tracking, or insider-threat reporting because "the SSO will catch it." You own it; the SSO is your partner, not your replacement.
- —Treating the warrant-officer / 17A / NSA-civilian-crossover conversation as transactional. The technician, Cyber Warfare Officer, and IC-civilian paths are the highest-leverage technical career moves in the SIGINT / MI community — mentor them like it is, including the honest parts about commute, family load, and clearance maintenance.
- —Going public with disagreement over a CO's operational call, an NSA civilian senior's analytic line, or a J2's targeting decision. Take it in the office. Walk out aligned, or push back in writing through the right echelon.
- —Confusing seniority with current relevance. SIGINT and the cryptologic enterprise move fast — the soldier reading today's traffic is closer to the truth than the CSM who has not driven a position or read raw in five years. Stay in the JQR conversation; sit a refresh; ask the GS-13 what changed.
The good 35N / 35Z CSM / 1SG / SGM is the senior enlisted leader the brigade CDR, the team chief at NSA / CSS, the INSCOM CG, the ARCYBER CG, or the supported COCOM SEA names without thinking. His MI company or element is the one the brigade pulls forward for the contested mission. His warrant-officer-technician, 17A, and NSA-civilian-crossover rate is in the upper third of the SIGINT / MI community; his rated NCOs are picking up first sergeant chevrons on schedule. He is the enlisted voice in the room when the J2, the NSA civilian senior, and the supported commander disagree on what the threat is doing in signals — and the conversation ends with the analytic line intact. Post-service the same NCO walks into a Booz Allen, Leidos, SAIC, CACI, Northrop, or MITRE seat at Fort Meade, Fort Eisenhower, Tampa, or NoVA the week he clears — or an NSA-civilian billet on the GS-13/14 ladder — because he never let the clearance, the credentials, or the analytic chops go cold.
What this actually is in the real world
Your skills translate. Here's what civilian employers call this job — and what they pay.
Intelligence Analysts
Strong matchCommunications Equipment Operators
Strong matchInformation Security Engineers
Related fieldElectrical Engineers
Related fieldSalary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.
How exposed is the civilian version of this job to AI?
Not a measurement of this MOS. Published labor-market research on the closest civilian occupation in our crosswalk — treat it as a signal, not a verdict.
Closest civilian match: Intelligence Analysts (close match)
Report writing, pattern analysis, and briefing production are the core of the job — real, meaningful LLM exposure (40%) in the 2023 study. Frey & Osborne’s 2013 appendix never scored "Intelligence Analysts" as a distinct occupation (it wasn’t broken out as its own line in their 702-job list), so there’s no comparable 2013-era number — we’re not going to borrow one from a neighboring title and pretend it fits.
This describes exposure for the civilian occupation, not a rating of this MOS, your unit, or your actual day-to-day duties. The matched civilian job is a close or related crosswalk, not exact.
Exposure research: Eloundou et al., "GPTs are GPTs" (arXiv preprint) (2023); Eloundou et al., Science 384(6702):1306-1308 (DOI 10.1126/science.adj0998) (2024); Eloundou et al. published occupation-level data (occ_level.csv) (2023).
Read the full methodology and see how much of the MOS catalog is scored so far on the AI/Automation Displacement Risk tool.
MOS Pulse
Anonymous · One tap · No accountThree seconds of your time, zero of your identity. This is how the honest picture of 35N gets built — one tap at a time.
Knowing what you know now — would you pick 35N again?
Did your recruiter describe this job accurately?
Hours per week this job actually takes in garrison?
That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.
Write the Full Review →Nobody’s gone first. Yet.
Zero reviews for 35N. Not because nobody has opinions — anyone who’s actually done Signals Intelligence Analyst is carrying a full magazine of them — but because nobody’s put theirs on the record.
So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 35N from now on reads it before anything else — including the recruiter’s version.
We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.
Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.
35N Signals Intelligence Analyst — FAQ
Q01What does a 35N do in the Army?
Q02How long is 35N training and where is it held?
Q03What does a day in the life of a 35N look like?
Q04What are the most common career-ending mistakes for a 35N?
Q05What civilian jobs does 35N translate to?
Q06What's the career progression for a 35N?
Q07What's the recruiter not telling me about 35N?
Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews