Requisition Number: 2020-06-017
Job Title: Cyber Threat Intelligence Analyst (IMAP)
City: Washington
State: DC

Cyber Threat Intelligence Analyst (IMAP)

Description/Job Summary

SBD is seeking a Cyber Threat Intelligence Specialist (IMAP) experienced in information security, threat intelligence, threat analysis, insider threat, project management, and information security monitoring and analytical tools. This individual will join our IMAP team, which is the overarching entity that incorporates our Cyber Threat Intelligence Program (CTI) and supporting elements to provide sustained detection and proactive analysis of security events, which are indicative of anomalous activity. Additionally, this program includes using behavioral analytics to determine threats and report results based on a risk scoring matrix, assembling and sharing intelligence information with pertinent sources, and providing support to the agency’s Insider Threat Program.

Responsibilities Include:

  • Review Open Source Intel for possible cyber threats
  • Review High Side Intel
  • Configure triggers and alerts in IMAP toolset
  • Configure IMAP Splunk dashboard
  • Configure IMAP Splunk correlation rules
  • Conduct proactive threat hunting with the host monitoring tool to discover anomalous activity, drawing on knowledge of adversary tradecraft and on threat intelligence that consists of analyzed threat data with the context needed to take mitigating action, not just indicators of compromise
  • Analyze network traffic to and from the customer’s devices and network traffic traversing the network perimeter
  • Install and configure monitoring agent on client machines
  • Perform technical analysis of the data to assess for necessary escalation
  • Provide mitigation/remediation recommendations for malicious activities detected
  • Provide advanced architecture/engineering capabilities
  • Provide support to Agency’s Insider Threat Program as needed
  • Identify imminent, ongoing or planned targeted intrusions against the enterprise by leveraging partnerships with private and public cyber intelligence sources, existing security tool sets and advanced analysis methodologies
  • Deter, degrade, disrupt, and prevent sophisticated cyber actors from carrying out malicious cyber activities that can negatively affect the organization mission, systems, data or staff
  • Automate IOC collection and implementation
  • Perform all-source intelligence analysis based on PIRs (priority intelligence requirements)
  • Notify appropriate staff of technical issues
  • Triage alerts in accordance with IMAP Risk Framework
  • Utilize IMAP toolset in accordance with acceptable use policies and applicable governance
  • Maintain close coordination with the IMAP Team and partnering offices on all tasks as they pertain to anomaly detection and the tools used to detect it
  • Implement user stories and/or individual requests
  • Develop custom signatures against custom attacks
  • Discover recurrent activities/actors
  • Perform quality control of all analyst-generated products
  • Coordinate access processes

Required Qualifications

  • Must have and maintain at least two (2) active certifications: Security+, CASP, CCNA, ISC2 CISSP or another comparable certification, which must be approved in advance on a case-by-case basis
  • BA/BS or a minimum of three (3) years of experience with Cyber Threat Intelligence, Splunk, Insider Threat and APT
  • Basic understanding of Splunk architecture (indexer, forwarder, search heads, etc.) and experience with Splunk UI/GUI development and operational roles
  • Must be a US Citizen
  • Must have an active DoD Top Secret clearance; in addition, must be able to obtain an agency-specific clearance prior to starting
ACCESSIBILITY NOTE: SBD is committed to complying with all applicable provisions of the Americans with Disabilities Act, as amended (“ADA”), and applicable state and local laws. It is SBD’s policy not to discriminate against any qualified person or applicant with regard to any terms or conditions of employment on the basis of such individual’s disability. Consistent with this policy of non-discrimination, SBD will provide reasonable accommodations to an individual with a disability, as defined in the ADA or applicable law, who has made SBD aware of his/her disability, unless doing so would cause an undue hardship to SBD. If you are an applicant and need a reasonable accommodation when applying for job opportunities within SBD, or request a reasonable accommodation to utilize SBD’s online employment application, please contact

EQUAL OPPORTUNITY EMPLOYER: SBD is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").