Reporting to the Director of Intelligence & Incident Response, the Cyber Threat Intelligence (CTI) Manager is responsible for supervising the daily operations of the CTI Team, assisting the Director in maturing the capabilities of the team, and leading efforts for continual process improvement to keep the CTI team on pace with or ahead of malicious cyber actors. The CTI Manager is expected to be the senior subject matter expert for CTI matters, including collection management, analysis and production, real-time intelligence sharing, malware analysis, and countermeasure development.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills.
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Manage the daily operations, training, and resourcing of the CTI team members
• Direct, control, and supervise the collection, analysis, and dissemination of raw, technical, operational, and strategic information and intelligence by the CTI Team in coordination with the Director of Intelligence and other Operations and Security Services (OSS) leaders, including the production of briefings and presentations
• Manage and supervise processes to ensure that relevant, actionable information and intelligence is provided to CIS staff, partners, and MS-ISAC members, as well as the federal government
• Manage the production of all-source cyber intelligence analysis, ensuring production adheres to organizational and community standards
• Supervise communications to MS-ISAC members to ensure all items are promptly responded to and completed in a timely manner
• Manage, oversee, and improve the use of the team’s Threat Intelligence Platform(s) (TIP) and other tools, including internal and external resources and capabilities
• Manage and oversee the use of malware analysis, reverse engineering, and open-source technical analysis, including dark web research, for proactive defense
• Identify opportunities to integrate the classified space and classified intelligence into CIS/MS-ISAC operations
• Lead the development and deployment of effective security countermeasures aligned with industry frameworks and analytic models (e.g. MITRE ATT&CK, VERIS, Diamond Model of Intrusion Analysis) as well as custom frameworks
• Provide training to the CTI team and other CIS staff
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Cybersecurity, Computer Science, Intelligence, or a related field*
• 4+ years experience as an Intelligence Analyst, Cybersecurity Specialist/Analyst, Forensics Analyst, Malware Analyst/Reverse Engineer, or related role supporting federal or SLTT government or law enforcement agencies
• 1+ years experience managing, coaching, and/or mentoring individuals and/or teams
• In-depth knowledge of intelligence analysis, cyber threat intelligence, actors, malware, tactics, techniques, and procedures (TTPs), malware, cybersecurity best practices, and various security methodologies, processes, and technical security solutions
• Working knowledge in the analysis of host and network logs, network flow, malicious indicators or compromise, and other evidence used in digital forensics, incident response, cybercrime investigations, and Security Operations Center (SOC) operations
• Experience in a SOC, Computer Emergency Response Team, or similar incident response environments
• Practical experience with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform
• Excellent verbal and written communication skills including the ability to clearly articulate technical knowledge to a variety of audiences
• Must be capable of obtaining and maintaining a Top-Secret National Security clearance
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
• Must be authorized to work in the United States

It's a Plus if You Have:

• Master’s degree and/or certifications in related field
• Formal Intelligence Analysis training
• Project management experience
• Working knowledge of the U.S. Intelligence Community, SLTT governments, and/or Fusion Centers
• Practical experience with malware analysis and reverse engineering
• Certifications in related areas (e.g. GCTI, GSLC, GCIH, GCFE, CISSP, etc.)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction) Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.)
• False Statements
• Financial Issues
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.