Threat Intelligence Analyst

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Active TS/SCI clearance.
• Master’s degree or Ph.D. in Strategic Intelligence, Cybersecurity Risk Management, Computer Science, Data Science, Information Systems, Information Technology, or a related field; OR Relevant DoD/IC advanced training (examples: DIA Advanced Cyber Threat Analysis; National Cryptologic School advanced cyber intelligence courses; SANS FOR578); OR Relevant professional certification or equivalent experience (examples: CISSP; CompTIA CASP+; GIAC GCIA; GIAC GREM; CREST CCTIM).
• Cyber threat intelligence, analysis, or related analytic experience with at least 3 years performing senior TI roles supporting SOC/CIRT or DoD missions.
• Expertise mapping TTPs to MITRE ATT&CK, developing IOCs, and producing decision‑grade analytic products and executive briefings.
• Proficiency with TI platforms, TIPs, SIEM/EDR integration, enrichment pipelines, and threat data automation.
• Strong analytic writing, briefing, and stakeholder engagement skills to translate intelligence into operational tasks and strategic recommendations.

Nice To Haves

• Prior experience supporting ARCYBER, NETCOM, RCC‑ARNG, or joint/IC threat intelligence operations.
• Familiarity with malware analysis, reverse‑engineering outputs, and integrating CTI into detection engineering and hunt workflows.

Responsibilities

• Collect, fuse, and analyze threat intelligence from ACERT, DISA, ARCYBER, US‑CERT, commercial feeds, and enterprise telemetry to build an accurate threat picture for the ARNG environment.
• Map adversary TTPs to local technologies, CDAP/CHAP findings, and control gaps; prioritize detections, hunts, and mitigation actions.
• Produce and distribute threat briefs, IOCs, analytic notes, dashboards, and executive summaries to SOC, hunters, detection engineers, CIRT, DCO, and leadership.
• Develop enrichment logic, correlation rules, and intelligence‑driven detection/use cases to operationalize intelligence into SIEM/EDR/SOAR workflows.
• Validate indicators and detection logic with SOC analysts, incident responders, and engineering teams; support hunt missions and incident investigations with contextual intelligence.
• Track adversary campaigns, malware trends, vulnerability exploit patterns, and translate into mission‑focused recommendations for defensive measures.
• Maintain threat repositories, automation playbooks, and analytic artifacts to enable repeatable, machine‑readable intel workflows and situational awareness.
• Liaise with external intel partners and keep abreast of emerging tools, techniques, and reporting to inform enterprise readiness and response posture.

Benefits

• Overtime
• Shift differential
• Discretionary bonus