Senior Cyber Threat Intelligence Analyst (CTIA) - 4LOCS

Title: Senior Cyber Threat Intelligence Analyst (CTIA)

Personnel Qualifications

• Master’s or Bachelor’s degree in: Strategic Intelligence or International Securities Studies, Economics or Finance, Cyber Security, Computer Science, Telecommunications, Information Systems or Assurance, Securities Studies Capabilities
• Currently possess an in-scope valid/active National Security Top Secret/SCI level clearance.
• With master’s degree, 12 years of experience applying intelligence tradecraft to write intelligence or derivative products (with at least 5 years of experience analyzing cyber threat strategic and anticipatory intelligence; some experience supporting and assessing emerging cyber threats for the U.S. Government or US financial institutions. With bachelor’s degree 17 years of experience in the same areas. (Note: The position performs intelligence analysis, not threat hunting or response associated with security operations center)
• Applied experience with at least six of the following concepts: analytic tradecraft standards, cyber kill chain, diamond model, advanced persistent threat, cybercrime, hacktivism, cyber fraud, malware and ransomware, social engineering, incident response, threat intelligence, and host and network-based security.
• Advanced understanding of intelligence tools available on JWICS to maximize collation and analysis to provide relevant and timely intelligence to consumers.
• Demonstrates ability to work independently with minimal oversight and direction
• Demonstrates ability to collaborate and work with other IC members, established working groups or ad hoc multi-disciplined teams on information sharing and refining collections
• Solid teamwork skills, including the ability to collaborate with others who are conducting research in the same, similar, or different areas
• Experience in collating and assessing intelligence reports derived from multiple intelligence platforms and tools to identify relevant and timely intelligence
• Ability to vet, enrich, and maintain technical data, including indicators of compromise, shared from partner agencies and key stakeholders
• Demonstrates in-depth knowledge and understanding of advanced persistent threats, common vulnerabilities and exposures (CVE), ransomware as a service, as well as other cyber-related tactics, techniques, and procedures (TTPs). This includes understanding of
• Corporate and government technology (networks, hardware, software, operating systems, etc.)
• Cybersecurity tools / perspectives (defensive, investigative, analytical, risk, etc.)
• Demonstrates the ability to organize and prioritize complex time- dependent task flows (i.e., tracking and prioritizing issues and inquiries)
• Demonstrates competence in applying analytic tradecraft standards (ICD 203) in verbal or written finished intelligence, white papers, research studies and briefings that integrate intelligence community (IC) threat assessments and open-source reporting with proprietary Federal Reserve System (FRS) data to communicate complex relationships or impacts to FRS decision makers and stakeholders.
• Demonstrates ability to develop structured research to produce an integrated, timely, logical, and concise analytic reports, documents, assessments, studies, and briefing materials.
• Demonstrates the ability to integrate threat intelligence reports, open-source analysis, and department/agency level data into concise, insightful, and comprehensive analytic products to communicate the aggregated results to people who need to know the results (e.g., government decision-makers, security officials, senior corporate officials)
• Demonstrates capability in applying critical thought and detail to recognize nuances in cyber-related reporting and to resolve contradictions and inconsistencies in information
• Demonstrates forward thinking, e.g. “What would I do next if I were the attacker”
• Understanding of payment and settlement systems, money and financial markets
• Experience with continuing operations during emerging or ongoing events that may include a cyber of national level incident response.

Certification in at least one of the following (or recognized equivalents):

• CISSP (Certified Information Systems Security Professional)
• Security+
• ISSEP (Information Systems Security Engineering Professional)
• GIAC (Global Information Assurance Certification)