Cyber Intelligence Analyst
San Francisco, CA

Job Description

Area Overview:

The National Incident Response Team (NIRT), a national service provider for the Federal Reserve System, delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the Federal Reserve System. The mission of the National Incident Response Team is to play a leading role in the Federal Reserve System's efforts to protect its information systems against unauthorized use.

Principle Duties and Responsibilities:

NIRT is seeking a highly-motivated and experienced Cyber Intelligence Analyst. This role is a senior level analyst position, providing an opportunity to work with a group of highly-skilled cyber intelligence analysts to defend the Federal Reserve System (FRS) from current and future cyber threats. This analyst will detail and analyze significant current events, threat actors, campaigns, tactics, techniques, and procedures (TTPs), and malware with the purpose of synthesizing information, identifying patterns, determining cause and effect, and understanding impact to current risk posture. This role will analyze both raw and finished intelligence with an emphasis on the production of operational intelligence products to drive NIRT's security posture, inform FRS information security and technology practitioners and managers, assess exposure, identify controls or mitigations, and better inform their awareness of ongoing cyber threat activity. This role will also include collaborating with other intelligence analysts and groups within NIRT to ensure cyber intelligence is being effectively produced and utilized.

Required Technical Skills:

* Collects, assesses and analyzes intelligence reports from multiple sources and disciplines
* Synthesizes and places intelligence information into context; draws insights about the possible implications
* Understands the overall threat landscape; knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored])
* Monitors and leverages the deep web to gather intelligence about threat methods and actors to enhance the Bank's intelligence products
* Reviews threats and provides analysis on how they relate to FRS environments
* Monitors open source, social media, and other channels to report findings through various alerts
* Produces internal cyber intelligence reports to characterize threats based on observed FRS cyber activity through incident analysis and campaign tracking
* Communicates tactical and strategic threat information to business leaders to assist them in making cyber risk decisions and to mitigate threats
* Produces cyber intelligence reports communicating technical issues to a broad audience including information security staff, non-technical business representatives and senior management
* Performs pro-active hunting for intelligence related to malicious activity that can impact the FRS' network and digital assets
* Deliver intelligence briefings to stakeholders as necessary
* Provides cyber intelligence training through expert understanding of tactics, techniques, and procedures of cyber threat actors
* Attends industry trade shows and networking events to expand body of knowledge
* Develops and executes plans for intelligence requirements, analytic products and supporting workflows
* Influences the selection of tools and development of tradecraft
* Collaborate with stakeholders to translate cyber intelligence into an instrumentation and detection strategy
* Delivers intelligence briefings to stakeholders as necessary
* Correlates geopolitical events with changes in cyber risk
* Identifies long-term attack/actor trends and translate into potential business impact (long-term risk)
* Develop and maintain intelligence production style guide and templates
* Provides input to Intelligence Management processes
* Review of intelligence products to external stakeholders (assures products include assessment and not just facts; accurately conveys urgency, severity, and credibility)
* Engages with client stakeholders to identify intelligence and information requirements
* Builds and maintains customer intelligence portfolios

Additional Skills:

* Define workflows and processes for optimizing the intelligence production cycle
* Develop and manage plan for ongoing customer engagement
* Envisions and proposes cross-team initiatives to implement cybersecurity improvements for recognized gaps
* Identifies strategic objectives and translates into actionable multi-year roadmaps
* Integrates innovative technology to improve data collection and analysis for threat characterization into intelligence strategy
* Invited to present cyber intelligence topics across the FRS or contributes to information security initiatives requiring threat intelligence expertise
* Leads the development and implementation of: initiatives to meet priority objectives, analytic products, collection plans or detection capabilities
* Plans and coordinates the development and implementation of improvements in one or more cyber intelligence areas of responsibility
* Prioritizes collection, analysis and production tasking for junior analysts
* Provides expertise and guidance to other team members on the development and implementation of improvements in one or more cyber intelligence areas of responsibility: collection optimization, operational intelligence analysis, or strategic intelligence analysis; expertise to internal and external stakeholders on an as-needed basis
* Represents NIRT's services and interests with business area, District, and National IT functions
* Reviews intelligence products for adherence to analytic standards
* Routinely supports cross-team initiatives to help implement cybersecurity improvements
* Runs large scale or long term projects in support of NIRT, National IT, or System initiatives
* Serves as an expert liaison to external NIRT stakeholders through regular engagements or workgroup assignment

Education/Certifications:

* Required: Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis, or a domain related field or an equivalent combination of education and work experience.
* Preferred: Master's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a domain related field or an equivalent combination of education and work experience.

Experience:
* Required: Typically requires 8 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience in computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, or cyber intelligence; experience in relevant computer network defense discipline.
* Preferred: Typically requires 10-12 years of combined IT and/or security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 8 years in relevant computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, cyber intelligence or engineering principles discipline

Additional Qualifications or Requirements:
* Ability to obtain and maintain National Security Clearance.
* Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms
* Extensive experience in designing and implementing security solutions
* Extensive knowledge of computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, or cyber intelligence.

The Federal Reserve Bank of San Francisco is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.