IC SIGINT analyst roles compared
Intelligence Analyst Roles Compared: TAR vs TDNA vs DNEA vs EA
TDNA, DNEA, EA, TAR, CNDA, and SATD are related, but they are not the same job. Here is how we distinguish them when matching cleared candidates to mission billets.
Compare Open RolesFour job titles get treated like interchangeable labels for cyber person with a clearance. They are not the same job. They are different seats in the same mission, they reward different skills, and the difference matters more than the acronyms suggest.
GS Consulting recruits and places all of these analysts. That gives us a practical view of how the roles differ in real staffing conversations: what a candidate has done, what the billet needs, where the technical center of gravity sits, and how the person will work with the rest of the mission team.
The Intelligence Workflow: How the Roles Fit Together
The Intelligence Triad is a workflow, not a ranking. A target gets discovered, characterized, accessed, exploited, defended against when needed, and reported. Different roles own different parts of that flow.
- A Target Digital Network Analyst (TDNA) finds and tracks target activity across data sources.
- A Digital Network Exploitation Analyst (DNEA) maps target network infrastructure and helps plan exploitation options.
- An Exploitation Analyst (EA) studies exploitable technical conditions and supports practical access analysis.
- A Target Analyst Reporter (TAR) turns collection, target activity, and analyst findings into reporting decision makers can use.
- A Cyber Network Defense Analyst (CNDA) focuses on defense, alerts, logs, incidents, and protection of approved systems.
- A Signals Analytic Technique Developer (SATD) builds specialized analytic techniques, signal processing methods, and mission tooling.
Side by Side Comparison
The table below is not a contract description. It is the practical distinction candidates and hiring teams usually need first: what each role focuses on, what work it owns, and how technical it tends to be.
| Role | Focus | Core tasks | Key skills | Typical level and experience | Salary band | How technical |
|---|---|---|---|---|---|---|
| Target Analyst Reporter (TAR) | Finished intelligence reporting from collection and target activity. | Research, analyze, draft, edit, coordinate, and release reporting. | SIGINT reporting, target research, editorial judgment, quality control, collaboration. | Levels 1 to 4. Strong fit for analysts with reporting, writing, and target context. | $90,000 to $210,000 | Moderate. Technical fluency matters, but writing and analytic judgment carry the role. |
| Target Digital Network Analyst (TDNA) | Target discovery, target continuity, and digital network intelligence. | Analyze collection, profile activity, maintain continuity, generate leads, and support targeting. | Target research, pattern recognition, SIGINT analysis, cyber context, database research. | Levels 1 to 4. Strong fit for analysts who connect activity across data sources. | $95,000 to $250,000 | Moderate to high. More technical than pure reporting, less technical than DNEA or EA. |
| Digital Network Exploitation Analyst (DNEA) | Target network mapping and exploitation planning. | Map infrastructure, analyze protocols and routing, evaluate access paths, and build operations plans. | TCP/IP, OSI model, routing, vulnerability analysis, scripting, network infrastructure. | Levels 1 to 4. Strong fit for technical analysts with networking depth. | $110,000 to $240,000 | High. One of the most technical analyst roles in the group. |
| Exploitation Analyst (EA) | Vulnerability discovery, technical access conditions, and exploitation analysis. | Study target systems, assess vulnerabilities, support penetration testing, and explain practical options. | Vulnerability analysis, computer systems analysis, penetration testing, forensics, technical targeting. | Levels 1 to 4. Strong fit for analysts who like hands on technical problem solving. | $85,000 to $250,000 | High. Very close to DNEA, but tilted more toward exploitation conditions and execution. |
| Cyber Network Defense Analyst (CNDA) | Defense of approved networks and cyber data review. | Review alerts, logs, traffic, host data, vulnerability findings, and incident signals. | Network defense, IDS, firewall logs, forensics, incident triage, defensive recommendations. | Levels 1 to 4. Strong fit for analysts who want the defensive mission lane. | $70,000 to $200,000 | High, but defensive. The mission is protection and response, not target access. |
| Signals Analytic Technique Developer (SATD) | Signals analytic methods, custom tools, and COMINT technique development. | Build analytic techniques, write software, support signal processing, and develop mission tooling. | Scientific programming, DSP, COMINT, hardware methods, software tool development. | Levels 1 to 4. Strong fit for developers and engineers who understand signals analysis. | $70,000 to $200,000 | Very high. This is the most development heavy role in the set. |
Salary ranges are current GS Consulting page ranges and may change by billet, level, customer need, clearance status, contract fit, and location expectations.
TDNA vs DNEA: The Pair People Confuse Most
The most common confusion is Target Digital Network Analyst (TDNA) vs Digital Network Exploitation Analyst (DNEA). They sit close together, but they answer different questions.
A TDNA answers who, where, and what changed. The role is about target discovery, target continuity, pattern recognition, and connecting activity across collection and digital footprints. A strong TDNA keeps the target from disappearing as infrastructure, behavior, or identifiers shift.
A DNEA answers how the network is built and where realistic access or exploitation options may exist. The role requires deeper networking, protocol, routing, infrastructure, vulnerability, and exploitation planning skill. A strong DNEA can explain the shape of the network and what technical paths matter.
Where EA, CNDA, and SATD Fit
Exploitation Analyst (EA) is the closest neighbor to DNEA. DNEA leans toward mapping and planning. EA leans toward identifying exploitable technical conditions and supporting the exploitation analysis itself.
Cyber Network Defense Analyst (CNDA) uses many overlapping cyber skills, but the mission direction changes. CNDA work is defensive: logs, alerts, traffic, host data, suspicious activity, and recommendations to protect approved systems.
Signals Analytic Technique Developer (SATD) is the technical build lane. SATDs create analytic methods, software tools, signal processing workflows, and custom techniques that help mission teams understand complex communications signals.
How Analysts Move Between Roles
Movement is normal. A career in this cluster is not locked to one acronym forever. The better question is which skill you want to deepen next.
- A TDNA who wants more network depth can grow toward DNEA or EA work.
- A DNEA or EA who builds stronger writing and reporting judgment can move closer to TAR work.
- A TAR who wants to stay closer to collection and targeting can grow toward TDNA work.
- A DNEA, EA, or SATD with stronger software skills can move toward more development heavy mission roles.
- A technical analyst who wants to defend instead of pursue can move toward CNDA work.
Which Role Is Right for You?
You are strongest at turning intelligence activity into clear reporting, editing, and mission ready language.
You like target research, continuity, lead generation, and connecting weak signals across sources.
You want the technical network lane: routing, protocols, infrastructure, and exploitation planning.
You want to study exploitable conditions, vulnerability evidence, technical access, and hands on analysis.
You want defensive cyber work: logs, alerts, incidents, forensics, and protection of approved systems.
You want to build analytic techniques, code, signal processing methods, and custom mission tools.
Open Roles at GS Consulting
Review the six dedicated role pages below, or start at the Cyber Intelligence & Target Analysis hub if you want the broader career cluster. If you are focused on network exploitation specifically, read what a Digital Network Exploitation Analyst does. If compensation is the deciding factor, compare current ranges in the IC cyber analyst salary guide. If you are trying to enter the field, start with how to become an IC intelligence analyst. For reporting specifically, read what a Target Analyst Reporter does. For target continuity, read what a Target Digital Network Analyst does. For the builder lane, read what a Signals Analytic Technique Developer does. For the defensive cyber lane, read what a Cyber Network Defense Analyst does. For the exploitation lane, read what an Exploitation Analyst does. If you are transitioning from military cyber or SIGINT work, read how military backgrounds translate to IC contractor roles. For certification planning, read which certifications actually matter for each role lane.
Frequently Asked Questions
What is the difference between a TDNA and a DNEA?
A Target Digital Network Analyst answers who and where: discovering a target, profiling activity, generating leads, and maintaining continuity as the target moves. A Digital Network Exploitation Analyst answers how and where in: how the target network is built and where access paths may exist. TDNA centers on analytic breadth and target continuity. DNEA centers on networking and exploitation planning.
Which intelligence analyst role is the most technical?
DNEA, EA, and SATD sit at the deepest technical end. SATD is the most development heavy because it involves scientific programming, signal processing, and custom analytic tool development. DNEA and EA are also highly technical, with more emphasis on networking, vulnerability analysis, and exploitation conditions.
Which of these roles pays the most?
The ranges overlap, so the title alone is the wrong thing to optimize. Pay tracks the level, clearance status, specific billet, contract fit, and experience more than the acronym. TDNA and EA currently have the highest listed ceiling at GS Consulting, while senior DNEA, TAR, CNDA, and SATD roles can also reach strong compensation bands.
Can you move between TDNA, DNEA, EA, TAR, CNDA, and SATD roles?
Yes. These roles are related Intelligence Community work lanes, and people can move between them over a career. A TDNA who builds deeper networking skill can move toward DNEA or EA work. A strong analyst with clear writing can move toward TAR. A technical analyst with real development skill may move toward SATD.
Do these intelligence analyst roles require coding?
It depends on the role. SATD requires real software development. DNEA and EA benefit from scripting plus strong networking and computer science fundamentals. TDNA requires technical fluency, target research, and analytic tradecraft. TAR is weighted toward reporting, writing, editing, and intelligence judgment rather than coding.
Is an Exploitation Analyst the same as a DNEA?
They are closely related, but not identical. A DNEA emphasizes target network mapping and exploitation planning. An Exploitation Analyst is weighted more toward identifying exploitable technical conditions and supporting the exploitation analysis itself. The roles overlap heavily, but the center of gravity is different.
What clearance do these roles share?
GS Consulting roles in this cyber intelligence and target analysis group require an active TS/SCI clearance. Candidates must also meet the specific customer, contract, site access, and billet requirements handled during recruiting.
Not sure which role fits your background?
Send your resume and tell us which work you have actually done: reporting, target continuity, network exploitation, vulnerability analysis, defense, signals processing, or tool development. We will help map your background to the right billet.