Cyber Threat Intelligence Lead

Conducts all-source analysis, digital forensics, and targeting to identify, monitor, assess, and counter the threat posed by malicious actors against information systems, critical infrastructure, and cyber-related interests. Provide assessments of the intentions of adversary groups to conduct computer network exploitation (CNE) and computer network attack (CNA) against infrastructure systems, applications, and data. Review the ingest of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts from external sources and determine its applicability to the system environment

Duties

• Prepare and coordinate strategic, high-level Cyber Threat Assessments, and provide tactical analysis, advice, and information concerning adversary cyber actions and capabilities to the Government. 
• Use all-source analysis and all available disciplines to research, draft, and submit information to the Government.  
• Maintain in‐depth visibility across the Enterprise and a means of filtering and prioritizing threat data into concise, actionable intelligence.
• Compile and interpret the information received about emerging threats at different classification levels through data feeds.
• Review the ingest of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts and determine its applicability to the systems environment.
• Identify potential threats and identify current and evolving hacking tools and methodologies available to disrupt these systems.
• Determine risks to the Enterprise and develop mitigations and/or countermeasures.
• Author and redistribute cyber intelligence information based on knowledge of adversary capabilities, intentions, techniques, tactics, and procedures (TTP).
• Develop situational awareness and report cyber threat, vulnerability, and asset management data to Government Leadership.
• Communicate methods for detecting activities of specific threats, and plan operations to mitigate or disrupt the threat.
• Collaborate in the development of enterprise-level playbooks for automation and orchestration.
• Employ a Cyber Kill Chain methodology as part of the defense-in-depth strategy for enhanced insights and reporting of cyber activity.
• Collaborate with government and contractor cyber threat analysts to satisfy requests for information from stakeholders throughout the enterprise as well as with external partners and stakeholders.
• Submit assessments on trending topics in Cyberspace for Government leadership review, approval, and distribution.
• Develop and present environment-relevant briefings on threats to the Information Environment.
• Apply scientific and technical knowledge to solving complex problems, produce short-term and long-term written assessments, and brief decision makers.
• Participate in cyberspace-related, community of interests, Video Teleconferences (VTC), and other venues.
• Present key technical intelligence to senior decision/policymakers

Qualifications

• 10 years of computer information technology experience.
• 5 years performing Cyber Threat Assessments
• 3 years of intrusion detection and/or incident handling experience
• Bachelor degree
• Certification: CISSP, GIAC, CEH, CISA, CISP, or equivalent
• Knowledge/Understanding of Cyber Kill Chain threat framework/model for the identification and prevention of cyber intrusions activity and for enhanced insights and reporting of cyber activity
• Public Trust clearance capability