Cyber Threat Intelligence Analyst

Leidos, Washington, DC
Posted 1 day ago. Hybrid

About The Position

The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission-critical, 24/7 operational support to the customer’s mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who can independently perform their daily tasks but also works well within a team that requires significant coordination and communication. This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work core hours (0600 – 1600), it supports a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

Requirements

  • Bachelor's Degree with 8+ years of experience or Master’s Degree with 6+ years of relevant experience; additional years of experience may be substituted in lieu of degrees.
  • DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days), e.g., IAT Level II (CompTIA Security+, CySA+, GSEC, SSCP) or IAT Level III (CASP+ CE, CCNP Security, CISA, GCED, GCIH).
  • DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days), e.g., CompTIA CySA+, Cloud+, GIAC Certified Intrusion Analyst (GCIA).
  • DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days), e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, ISC2 SSCP.
  • Technical Proficiency: Strong knowledge of networking protocols, computing security elements (IDS/IPS, Firewalls), and experience with data correlation and analysis.
  • Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

Nice To Haves

  • Advanced Threat Analysis: Demonstrated expertise in analyzing malware reports, forensic data, and packet captures to extract actionable intelligence.
  • Framework Proficiency: Expert-level understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
  • Intelligence Platforms: Experience utilizing Threat Intelligence Platforms (TIPs) such as Anomali, ThreatConnect, or MISP.
  • Analytical Writing: Strong ability to translate technical findings into concise, non-technical briefings for senior leadership.
  • Scripting & Querying: Proficiency with Python or PowerShell for data scraping/automation; familiarity with SPL, KQL, or Elastic DSL for querying large datasets.
  • Cloud & Infrastructure: Experience analyzing threats targeting AWS, Azure, O365, and containerized environments.
  • Global Landscape Knowledge: Deep understanding of geopolitical trends and how they influence cyber-adversary activity.

Responsibilities

  • Produce High-Value Intelligence: Lead the production of strategic, operational, and tactical intelligence reports to inform stakeholders of emerging threats, actor motivations, and potential impacts.
  • Adversary Characterization: Analyze adversary tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to develop comprehensive profiles of Advanced Persistent Threats (APTs) relevant to the enterprise.
  • Intelligence Lifecycle Management: Drive the end-to-end intelligence cycle, including developing Priority Intelligence Requirements (PIRs), managing collection plans, and disseminating actionable intelligence to defensive teams.
  • Threat Modeling & Forecasting: Maintain proactive situational awareness by evaluating DoD, IC, and open-source reporting to forecast shifts in the threat landscape and identify systemic vulnerabilities before they are exploited.
  • Indicator Lifecycle Management: Evaluate the fidelity of Indicators of Compromise (IOCs) and Indicators of Behavior (IOBs); manage the ingestion, enrichment, and expiration of threat data within a Threat Intelligence Platform (TIP).
  • Support Hunt & DCO Operations: Provide the intelligence foundation for Hunt missions and Defensive Cyber Operations (DCO) by delivering "Indications & Warnings" and actionable pivot points for internal investigations.
  • Automated Intelligence Integration: Design solutions to automate the delivery of threat data to security controls (SIEM/SOAR/Firewalls) and develop scripts to streamline data collection and correlation.
  • Strategic Advisory: Provide recommendations for executive-level decision-making regarding risk management, security architecture improvements, and intelligence-driven defense strategies.

Benefits

  • Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.