Cyber Threat Intelligence Analyst

Cyber Threat Intelligence Analyst | Security Operations Center (SOC)

Active Top Secret clearance required

We are seeking an experienced Cyber Threat Intelligence Analyst to join our Security Operations Center (SOC) team. This role supports analysis and research on the latest advanced cyber threats to provide actionable threat intelligence, including adversary indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), behaviors, and trends to help defend the client agency.

• Conduct analysis to profile threat actor TTPs used to infiltrate networks, systems, and assets; produce threat actor cards, profiles, and threat briefs
• Report on current and emerging threats that exploit vulnerabilities and provide detailed vulnerability assessments to stakeholders
• Collect, analyze, and correlate cyber threat intelligence from open-source, commercial, and government sources
• Monitor open-source intelligence, industry reports, and internal security logs to gather threat information; synthesize and disseminate critical insights to relevant stakeholders
• Conduct tactical, operational, and strategic threat analysis in support of ongoing monitoring and investigations; identify patterns and attribute attacks to specific actors
• Track threat actors, phishing campaigns, malware, and TTPs relevant to the agency's mission and technology footprint
• Produce actionable reports, briefings, and IOCs for internal stakeholders
• Support development of new detection rules and analytics based on evolving threats

• 10+ years of experience in cybersecurity threat intelligence, intelligence analysis, threat analysis, or related cybersecurity role
• Proven experience as a cyber threat analyst collaborating with multiple internal and external stakeholders to gather data, analyze intelligence, create joint reports, and share findings with relevant entities
• Ability to prioritize and manage multiple events/initiatives simultaneously
• Experience using MISP Threat Intelligence Platform or similar intelligence platforms
• Familiarity with CNE and CNA tools and tradecraft, along with signatures, tactics, techniques, and procedures associated with preparation for and execution of such attacks
• Knowledge of cyber threats, open-source research, nation-state actors, current vulnerabilities, and cyber attacks
• Bachelor's degree (or 4 years of additional experience in lieu of degree)

• Experience working in a SOC or cyber operations environment
• Experience with Splunk (writing/understanding queries and evaluating telemetry logs)
• Ability to write and deliver succinct briefings, presentations, and reports conveying analysis, threat trends, threat actor profiles, indicator bulletins, vulnerability details, and defensive strategies to varied audiences
• Knowledge of current and emerging cyber adversaries and their TTPs
• Knowledge of threat modeling and adversary tactics/techniques frameworks such as MITRE ATT&CK, Cyber Kill Chain, STRIDE, PASTA, etc.
• Familiarity with Confluence and Jira
• Familiarity with Service Now or similar ticketing systems
• Current certification: CISSP, GCTI, GCIA, GCIH, CEH, CTIA, or equivalent