The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

As a Cyber Threat Intelligence Analyst, you will identify and begin to apply data and technical analysis to aid in and draft actionable Cyber Threat Intelligence (CTI) catered to state, local, tribal, and territorial (SLTT) governments. As a member of the CTI Team, you will work with limited oversight to integrate CTI analysis within operations teams in the 24x7 Security Operations Center (SOC) as well as SLTT and Federal partners.

You will work in both a classified and unclassified environment to develop tactical, operational, and strategic intelligence about threat groups, their methodologies, and motivations, and to aid in solving complex threat-centric problems focused on driving SLTTs toward proactive network defense. This position may involve essential duties and responsibilities that must continue during crisis situations and contingency operations, necessitating extended working hours.

• Conduct CTI initiatives in support of state, local, tribal, and territorial (SLTT) governments to include determining their intelligence needs and requirements, and helping identify the most effective methods for fulfilling these unique requirements
• Identify emerging trends based upon extensive research into threat activity and determine customer-relevant threat intelligence with minimal assistance or oversight
• Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze CTI data from various sources to extract relevant and timely indicators for sharing with members in near real-time
• Draft briefing material, written products, and simple graphics in order to convey analysis both verbally and in writing to a variety of audiences
• Conduct technical analysis of malicious and suspicious code to understand the nature of the threat and to extract unique attributes for proactive defense
• Conduct open source research and technical analysis, including dark web research, for proactive defense
• Craft and apply effective security countermeasures aligned with industry frameworks and analytic models (e.g. MITRE ATT&CK, VERIS, Diamond Model of Intrusion Analysis) as well as custom frameworks using data-driven threat intelligence
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Cybersecurity, Computer Science, Intelligence, Data Science, or a related field*
• 1+ years’ experience in an analytical role as a network forensics analyst, cyber threat intelligence analyst, digital forensics analysis, reverse engineer, security engineer, or similar title
• Experience in a Security Operations Center, Computer Emergency Response Team, or similar incident response environments
• Working knowledge of network architecture and security (e.g., web content filtering, domain reputation policy, signatures, host-based analysis systems, email analysis)
• Experience with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform
• Basic knowledge with programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL)
• Great verbal and written communication skills including the ability to clearly articulate complicated technical matters to a variety of audiences and to adapt to customer personalities
• Must be capable of obtaining and maintaining a Top-Secret National Security clearance
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
• Must be authorized to work in the United States
• Full COVID-19 vaccination may be required. 

It's A Plus If You Have:

• Master's degree in related field
• Formal intelligence analysis training
• Experience with technical malware analysis
• Certifications in related areas (e.g. GCTI, GCIH, GCFE, GCFA, etc.)
• Working knowledge of the U.S. Intelligence Community, SLTT governments, and/or fusion centers

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.