Threat Intelligence Analyst

Qualifications

• Minimum of 8 years with BS/BA;
  Minimum of 6 years with MS/MA;
  Minimum of 3 years with PhD
• Clearance:
  Active TS/SCI clearance.
• Candidate must meet ONE of the following:
  • Master’s degree or Ph.D. in Strategic Intelligence, Cybersecurity Risk Management, Computer Science, Data Science, Information Systems, Information Technology, or a related field; OR
  • Relevant DoD/IC advanced training (examples: DIA Advanced Cyber Threat Analysis; National Cryptologic School advanced cyber intelligence courses; SANS FOR
    578); OR
  • Relevant professional certification or equivalent experience (examples: CISSP; CompTIA CASP+; GIAC GCIA; GIAC GREM; CREST CCTIM).
• Required experience and skills:
  • Cyber threat intelligence, analysis, or related analytic experience with at least 3 years performing senior TI roles supporting SOC/CIRT or DoD missions.
  • Expertise mapping TTPs to MITRE ATT&CK, developing IOCs, and producing decision‑grade analytic products and executive briefings.
  • Proficiency with TI platforms, TIPs, SIEM/EDR integration, enrichment pipelines, and threat data automation.
  • Strong analytic writing, briefing, and stakeholder engagement skills to translate intelligence into operational tasks and strategic recommendations.
• Desired:
  • Prior experience supporting ARCYBER, NETCOM, RCC‑ARNG, or joint/IC threat intelligence operations.
  • Familiarity with malware analysis, reverse‑engineering outputs, and integrating CTI into detection engineering and hunt workflows.

We are seeking a highly skilled and innovative Threat Intelligence Analyst to join our team in the greater DMV area, supporting the Army National Guard.

• Collect, fuse, and analyze threat intelligence from ACERT, DISA, ARCYBER, US‑CERT, commercial feeds, and enterprise telemetry to build an accurate threat picture for the ARNG environment.
• Map adversary TTPs to local technologies, CDAP/CHAP findings, and control gaps; prioritize detections, hunts, and mitigation actions.
• Produce and distribute threat briefs, IOCs, analytic notes, dashboards, and executive summaries to SOC, hunters, detection engineers, CIRT, DCO, and leadership.
• Develop enrichment logic, correlation rules, and intelligence‑driven detection/use cases to operationalize intelligence into SIEM/EDR/SOAR workflows.
• Validate indicators and detection logic with SOC analysts, incident responders, and engineering teams; support hunt missions and incident investigations with contextual intelligence.
• Track adversary campaigns, malware trends, vulnerability exploit patterns, and translate into mission‑focused recommendations for defensive measures.
• Maintain threat repositories, automation playbooks, and analytic artifacts to enable repeatable, machine‑readable intel workflows and situational awareness.
• Liaise with external intel partners and keep abreast of emerging tools, techniques, and reporting to inform enterprise readiness and response posture.