Cyber Threat Intelligence Analyst

About The Position

Requirements

• Experience as a cyber threat analyst collaborating with multiple internal and external stakeholders to gather data and intelligence, analyze, vet, and enrich the intelligence, create joint reports, and share with stakeholders
• Experience using intelligence platforms such as MISP Threat Intelligence Platform
• Knowledge of CNE and CNA tools and tradecraft along with signatures and Tactics, Techniques, and Procedures (TTPs) associated with preparation for and execution or implementation of such attacks
• Knowledge of cyber threats, open-source research, nation state actors, vulnerabilities, and cyber attacks
• Ability to prioritize and juggle multiple events or initiatives simultaneously
• Top Secret clearance
• Bachelor’s degree and 15+ years of experience in a cybersecurity threat intelligence, intelligence analysis, threat analysis, or cybersecurity role, or 19+ years of experience in a cybersecurity threat intelligence, intelligence analysis, threat analysis, or cybersecurity role in lieu of a degree

Nice To Haves

• Experience working in a SOC or cyber operations environment
• Experience working with Splunk, including writing or understanding queries and evaluating telemetry logs
• Knowledge of current and emerging cyber adversaries and their Techniques, Tactics, and Procedures (TTPs)
• Knowledge of threat modeling and adversary tactics and techniques frameworks such as MITRE ATT&CK matrices, Cyber Kill Chain, STRIDE, or PASTA
• Knowledge of Confluence and Jira
• Knowledge of ServiceNow or similar ticketing systems
• Ability to write and deliver succinct briefings, presentations, and reports to convey analysis, threat trends, threat actor profiles, indicator bulletins, vulnerability details, and defensive strategies to varied audiences
• CISSP, GCTI, GCIA, GCIH, CEH, CTIA, or equivalent Certification

Responsibilities

• Conduct analysis to profile threat actor TTPs used to infiltrate networks, systems, and assets to produce threat actor cards, profiles, or threat briefs.
• Report on current and emerging threats that will exploit vulnerabilities and details of the vulnerabilities to stakeholders.
• Collect, analyze, and correlate cyber threat intelligence from open-source, commercial, and government sources.
• Actively monitor open-source intelligence, industry reports, and internal security logs to gather threat information, then synthesize and disseminate critical insights to relevant stakeholders.
• Conduct tactical, operational, and strategic threat analysis in support of ongoing monitoring and investigations, identify patterns, and attribute attacks to specific actors.
• Track threat actors, phishing campaigns, malware, and TTPs relevant to the agency’s mission and technology footprint.
• Produce actionable reports, briefings, and indicators of compromise (IOCs) for internal stakeholders.
• Support development of new detection rules and analytics based on evolving threats.

Benefits

• health, life, disability, financial, and retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program