Cyber Threat Intelligence & Data Manager, Top Secret Security Clearance

Position: Cyber Threat Intelligence & Data Manager, Top Secret with Security Clearance
The Cyber Threat Intelligence & Data Management Lead oversees teams that collect, process, organize, and analyze cyber threat data transforming it into actionable intelligence that informs decision-makers and strengthens national cyber defense. In this role, the successful candidate governs TIP data quality and tagging, manages the intelligence production cycle, and drives targeted notifications, RFIs, dashboards, and event-driven reporting that enhances threat visibility and mission impact.

The candidate directs operations within a threat intelligence platform (TIP), ensuring analysts can receive, share, enrich, correlate, and disseminate timely intelligence to reduce cyber risk across various agencies to such as, FCEB agencies, SLTT partners, and critical infrastructure sectors.

Key Responsibilities Cyber Threat Intelligence (CTI) Operations Leadership
* Oversee teams delivering strategic, operational, and tactical CTI products

* Enhance national situational awareness by directing monitoring, aggregation, and correlation of cyber incident reports

* Sustain real-time CTI exchange by coordinating with internal components, FCEB agencies, and external partners to maintain an accurate, timely, and shared threat picture across the full threat lifecycle.

* Detect and characterize threats by continuously monitoring intelligence, media, law enforcement, and third-party data feeds within the TIP to identify incidents, vulnerabilities, and malicious activity. TIP & Data Management Governance
* Ensure continuous, reliable operation of the TIP by managing ingestion pipelines, maintaining data quality, and sustaining platform performance .

* Operate robust tipping and queuing workflows (manual and automated) in the TIP, routing, enriching, triaging, and disseminating inbound/outbound intelligence.

* Maintain TIP data integrity via accurate tagging, metadata management, traceability, and feed normalization, adhering to standards such as STIX, JSON, and MISP formatting.

* Implement tagging governance (multi-tag, rule-based, hierarchical), including TLP designations, source/analyst attribution, and threat context to support consistent access control and data lineage. Analytic Frameworks & Requirements Alignment
* Apply recognized analytic models and frameworks-MITRE ATT&CK, Diamond Model, Cyber Kill Chain-to structure intelligence, map adversary behavior, and align reporting to Priority Intelligence Requirements (PIRs) and Threat Branch Information Needs (INs).

* Strengthen threat prioritization by correlating activity, vulnerabilities, and attack surfaces across sectors and threat groups to support campaign tracking, risk scoring, and intelligence-driven resource allocation.

* Identify and prioritize intelligence requirements for the Threat Branch, tagging reporting to INs nested under PIRs. Intelligence Production Cycle & Targeted Notifications
* Manage the full intelligence production cycle-topic formation, proposal, development, coordination, review, approval, and dissemination-ensuring compliance with analytic standards.

* Review intelligence products for analytic rigor, technical accuracy, and conceptual soundness.

* Produce targeted notification packages that are timely, accurate, and actionable, integrating classified and unclassified reporting.

* Oversee the issuing, triage, and tracking of RFIs in the TIP, maintaining timely responses, status visibility, and stakeholder coordination.

* Capture customer feedback on threat intelligence products and integrate insights into continuous improvement to enhance relevance, clarity, and mission impact. Cyber Defense Support & Cross-Functional Integration
* Strengthen national cyber defense by overseeing continuous monitoring, triage, investigation, and reporting of cybersecurity events and incidents across FCEB, SLTT, and critical infrastructure environments.

* Document all analysis in required formats-ticketing entries, knowledge articles, external reports, incident response playbooks.

* Accelerate threat discovery by directing development of custom scripts and AI/ML-enabled analytic techniques.

* Create, deploy, and refine detection logic and policies used across monitoring tools and platforms; maintain enterprise-level incident response and hunt analysis baselines for each supported environment. SOPs, Training, and Source Repository Management
* Develop, document, and maintain repeatable SOPs and working instructions for targeted notifications and production workflows; train new personnel on current processes and tools.

* Maintain a curated repository of classified and unclassified sources, ensuring traceability and timely aggregation of threat reporting that enables targeted notification and production activities.

* Monitor global events and provide event-driven intelligence within the TIP, assessing implications of new laws, geopolitical shifts, and natural incidents for CIKR.

* Support exercises and real-time incident response with TIP-enabled intelligence, delivering rapid…