
Threat Intelligence Analyst - Remote
Full Time
$40.25 - $70.49
The Threat Intelligence Analyst is part of the Countering Hybrid Threats department, which resides on the CIS Threat Intelligence team and reports to the Executive Director of Countering Hybrid Threats. As a Threat Intelligence Analyst, you will apply data, cyber, and open-source intelligence (OSINT) techniques to help identify, analyze, and respond to malicious cyber, physical, and information operation activities. Analysis must be effectively communicated in formal assessments to decision makers and stakeholders to drive effective countermeasures.
Job functions include using open-source and commercial tools to collect and analyze data from various sources, including cyber feeds and collections, social media, news media (including video content), online form content, online chats, and blockchain intelligence platforms. Candidates are expected to understand hybrid threats (cyber, physical, and information operation crossovers) and have expertise in geopolitical tensions, threat actor ideologies, and threat actor tactics, techniques, and procedures (TTPs). Experience using blockchain analysis tools and conducting cryptocurrency investigations is preferred.
As a member of the team, you will work in both a classified and unclassified environment, with limited oversight, to integrate threat analysis into operations and intelligence teams. The Threat Intelligence Analysts are tasked with helping to solve complex threat problems, which may involve essential duties and responsibilities that must continue during crisis situations and contingency operations, necessitating extended working hours.
What You'll Do:
- Identify emerging operations and trends based on extensive research into cyber, physical, and information related threat activity to determine pertinent communications, countermeasures, and recommendations for decision makers, with minimal assistance or oversight
- Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze cyber threat data from various sources to extract relevant and timely indicators for sharing with members in near real-time
- Implement data analysis practices to assess trends and patterns of cyber, physical, and information operations networks and aid in determining potential and expected impacts
- Conduct cyber technical analysis of malicious and suspicious code to understand the nature of the threat and to extract unique attributes for proactive defense
- Identify, monitor, track, and catalog threat actors, their ideologies, and their tactics by leveraging commercial and open-source intelligence collection tools
- Leverage blockchain analysis tools to trace cryptocurrency transactions and identify malicious activity
- Generate briefing material, written products, and simple graphics to convey analysis both verbally and in writing for key stakeholders
- Coordinate internally and externally with CIS and the Multi-State Information Sharing and Analysis Center (MS-ISAC), as well as supporting partners to provide threat expertise
- Aid U.S. election officials with responding to and analyzing threat-centric incidents
- On call and after-hours surge support are required
- Other tasks and responsibilities as assigned
What You'll Need:
- Bachelor’s degree in Intelligence, Cybersecurity, Data Science, International Affairs, or a related field*
- 2+ years’ experience in an analytical role as a cyber threat intelligence analyst, digital forensics analyst, intelligence analyst, information operations analyst, counterintelligence or terrorism analyst, or similar role
- Demonstrated practical experience and knowledge of OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, Chainalysis Reactor, social media scraping tools, etc.)
- Knowledge of the cyber threat landscape and common network architecture and security concepts (e.g., web content filtering, domain reputation policy, signatures, indicators of compromise, host-based analysis systems, email analysis, etc.)
- Excellent verbal and written communication skills, including the ability to clearly articulate complicated technical matters to a variety of audiences and to adapt to customer personalities
- Experience in a high-paced investigative environment
- Must be capable of obtaining and maintaining a Top-Secret National Security clearance
- The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
It's a Plus if You Have:
- Master's degree in related field
- Formal intelligence analysis training
- Blockchain analysis experience
- Basic knowledge of programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL)
- Language proficiencies (e.g., Chinese, Russian, Korean, Arabic, Persian, etc.)
- Certifications in related areas (e.g., GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.)
*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.
**Factors that may cause a negative Fitness Review decision include:
- Criminal Conduct
- Dishonest Conduct
- Employment Misconduct
- Alcohol Abuse
- Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction). Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
- False Statements
- Financial Issues
- Have not resided in the US for three (3) of the past five (5) years
At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.
Compensation Range:
$40.25 - $70.49