The Threat Intelligence Analyst is part of the Countering Hybrid Threats department, which resides on the CIS Threat Intelligence team and reports to the Deputy Director of Countering Hybrid Threats. As a Threat Intelligence Analyst, you will apply data, cyber, and open-source intelligence (OSINT) techniques to help identify, analyze, and respond to malicious cyber, physical, and information operation activities. Analysis must be effectively communicated in formal assessments to decision makers and stakeholders to drive effective countering measures.

Job functions include using open and commercial tools to collect and analyze data from sources including cyber feeds and collections, social media, news media (including video content), online form content, and online chats. Candidates are expected to understand hybrid threats (cyber, physical, and information operation crossovers) and have expertise on geopolitical tensions and threat actor ideologies and tactics.

As a member of the team, you will work in both a classified and unclassified environment, with limited oversight, to integrate threat analysis into Operations and Intelligence teams. The Threat Intelligence Analysts are tasked with helping to solve complex threat problems, which may involve essential duties and responsibilities that must continue during crisis situations and contingency operations, necessitating extended working hours.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Identify emerging operations and trends based on extensive research into cyber, physical, and information related threat activity to determine pertinent communications, countermeasures, and recommendations for decision makers, with minimal assistance or oversight
• Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze cyber threat data from various sources to extract relevant and timely indicators for sharing with members in near real-time
• Implement data analysis practices to assess trends and patterns of cyber, physical, and information operations networks and aid in determining potential and expected impacts
• Conduct cyber technical analysis of malicious and suspicious code to understand the nature of the threat and to extract unique attributes for proactive defense
• Identify, monitor, track, and catalog threat actors, their ideologies, and their tactics by leveraging commercial and open-source intelligence collection tools
• Generate briefing material, written products, and simple graphics to convey analysis both verbally and in writing for key stakeholders
• Coordinate internally and externally with CIS and the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC), as well as supporting partners to provide threat expertise
• Aid U.S. election officials with responding to and analyzing threat centric incidents, particularly within the EI-ISAC’s Situational Rooms
• On call and after-hours surge support are required
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Intelligence, Cybersecurity, Data Science, International Affairs, or a related field*
• 2+ years’ experience in an analytical role as a cyber threat intelligence analyst, digital forensics analyst, intelligence analyst, information operations analyst, counterintelligence or terrorism analyst, or similar role
• Demonstrated practical experience and knowledge of OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
• Knowledge of the cyber threat landscape and common network architecture and security concepts (e.g., web content filtering, domain reputation policy, signatures, indicators of compromise, host-based analysis systems, email analysis, etc.)
• Excellent verbal and written communication skills, including the ability to clearly articulate complicated technical matters to a variety of audiences and to adapt to customer personalities
• Experience in a high-paced security operations environment
• Must be capable of obtaining and maintaining a Top-Secret National Security clearance
• The position is open to U.S. Citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

It's a Plus if You Have:

• Master's degree in related field
• Formal intelligence analysis training
• Basic knowledge with programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL)
• Language proficiencies (e.g., Chinese, Russian, Korean, Arabic, Persian, etc.)
• Certifications in related areas (e.g., GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction)
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.