Senior Cyber Threat Intelligence Analyst CTIA

Integrated Resiliency and Intelligence Programs (IRIP) coordinates with the US Intelligence Community on behalf of the Federal Reserve System with the explicit mission to consume and respond to raw and finished strategic, anticipatory, and current operations cyber intelligence made by the U.S. Intelligence Community that impact the national security of the United States, U.S. financial sector, and the Federal Reserve System.

The Contractor shall provide a Cyber Threat Intelligence Analyst (CTIA) with intelligence analysis experience (i.e. FBI, CIA, DOD, CISA) possessing an understanding of cyber threats, tactics, and techniques. The CTIA should be capable of analyzing emerging cyber threats and advanced persistent threats to allow for understanding, mitigating, and neutralizing cyber-based threats to the Federal Reserve System. The CTIA will prepare briefings across the full spectrum of cyber threats to provide strategic warning, anticipatory information for imminent or emerging threats, and information to support current operations to address ongoing threat impacts.

Requirements include:

Master s or Bachelor s degree in:

o Strategic Intelligence or International Securities Studies,

o Economics or Finance,

o Cyber Security,

o Computer Science,

o Telecommunications,

o Information Systems or Assurance,

o Securities Studies

Currently possess an in-scope valid/active National Security Top Secret/SCI level clearance.

With the master s degree, 12 years of experience applying intelligence tradecraft to write intelligence or derivative products (with at least 5 years of experience analyzing cyber threat strategic and anticipatory intelligence; some experience supporting and assessing emerging cyber threats for the U.S. Government or US financial institutions or with bachelor s degree 17 years of experience in the same areas. (Note: The position performs intelligence analysis, not threat hunting or response associated with security operations center)

Certification in at least one of the following (or recognized equivalents):

o CISSP (Certified Information Systems Security Professional)

o Security+

o ISSEP (Information Systems Security Engineering Professional)

o GIAC (Global Information Assurance Certification)

Experience needed includes:

Applied experience with at least six of the following concepts: analytic tradecraft standards, cyber kill chain, diamond model, advanced persistent threat, cybercrime, hacktivism, cyber fraud, malware and ransomware, social engineering, incident response, threat intelligence, and host and network-based security.

Advanced understanding of intelligence tools available on JWICS to maximize collation and analysis to provide relevant and timely intelligence to consumers.

Demonstrates ability to work independently with minimal oversight and direction

Demonstrates ability to collaborate and work with other IC members, established working groups or ad hoc multi-disciplined teams on information sharing and refining collections

Solid teamwork skills, including the ability to collaborate with others who are conducting research in the same, similar, or different areas

o Experience in collating and assessing intelligence reports derived from multiple intelligence platforms and tools to identify relevant and timely intelligence

o Ability to vet, enrich, and maintain technical data, including indicators of compromise, shared from partner agencies and key stakeholders

Demonstrates in-depth knowledge and understanding of advanced persistent threats, common vulnerabilities and exposures (CVE), ransomware as a service, as well as other cyber-related tactics, techniques, and procedures (TTPs). This includes understanding of

o Corporate and government technology (networks, hardware, software, operating systems, etc.)

o Cybersecurity tools / perspectives (defensive, investigative, analytical, risk, etc.)

Demonstrates the ability to organize and prioritize complex time-dependent task flows (i.e., tracking and prioritizing issues and inquiries)

Demonstrates competence in applying analytic tradecraft standards (ICD 203) in verbal or written finished intelligence, white papers, research studies and briefings that integrate intelligence community (IC) threat assessments and open-source reporting with proprietary Federal Reserve System (FRS) data to communicate complex relationships or impacts to FRS decision makers and stakeholders.

Demonstrates ability to develop structured research to produce an integrated, timely, logical, and concise analytic reports, documents, assessments, studies, and briefing materials.

Demonstrates the ability to integrate threat intelligence reports, open-source analysis, and department/agency level data into concise, insightful, and comprehensive analytic products to communicate the aggregated results to people who need to know the results (e.g., government decision-makers, security officials, senior corporate officials)

Demonstrates capability in applying critical thought and detail to recognize nuances in cyber-related reporting and to resolve contradictions and inconsistencies in information

Demonstrates forward thinking, e.g. What would I do next if I were the attacker

Understanding of payment and settlement systems, money and financial markets

Experience with continuing operations during emerging or ongoing events that may include a cyber of national level incident response.