Tyto Athene is searching for a Cyber Threat Intelligence Analyst to support multiple cybersecurity workstreams within the Department of Health and Human Services (HHS). The individual will contribute to research, analysis, and operational support activities as part of HHS’s Cybersecurity Operations (CSO) division. The role is instrumental in assisting with the development, review, and management of cybersecurity initiatives and projects, specifically those aimed at protecting HHS and its partners in the Healthcare and Public Health (HPH) sector. This position requires a foundation in cybersecurity concepts, proficiency in research methodologies, and familiarity with both open and closed intelligence sources. The analyst will work closely with senior cybersecurity professionals to enhance HHS’s capabilities in identifying and mitigating threats, as well as in maintaining strong relationships with key stakeholders and partners

Responsibilities:

• Support a full Cybersecurity Threat Intelligence lifecycle
• Collect open source, classified, and internal intelligence artifacts from investigations for actionable mitigation and technical control recommendations
• Apply intelligence reporting and knowledge of the security network toward the discovery of suspicious activity and to prevent and/or detect future incidents
• Support standardization of threat responses
• Provide ad-hoc executive intelligence briefings
• Deliver concise weekly strategic and tactical intelligence reports
• Assess and outline the implications of reports to the client
• Support process improvement of the current cyber threat program and alignment with the strategic program

Threat Intelligence Collection and Analysis: Conduct exhaustive reviews of open-source cybersecurity reporting, including industry blogs, security forums, and public vulnerability databases. Access and analyze closed-source reporting from trusted partners and paid threat intelligence services, including tools like Intel 471 and Mandiant. Implement automated tools for continuous monitoring of threat landscapes, including the dark web, hacking forums, and other relevant sources. Prioritize intelligence gathering on threats specifically targeting HHS systems.

Threat Actor Profiling: Assist in the development and maintenance of comprehensive threat actor profiles, detailing their motivations, capabilities, historical activities, and preferred tactics. This includes conducting link analysis to identify connections between different threat actors and campaigns.

Product Development: Develop cybersecurity products such as white papers, analyst notes, and legislative analysis reports to support internal decision-making and inform the broader HPH sector. Support the creation of tailored threat briefings for various audiences, including technical teams and executive leadership, ensuring that stakeholders understand key threats and their impact.

Classified and Specialized Research: Maintain proficiency in specialized Intelligence Community (IC) tools such as Intelink, Lucky, OSE, Pulse, TAC, and Wire. Assist in the integration of classified information with unclassified data to enhance threat intelligence analysis. Conduct classified research and prepare intelligence reports for audiences with varying levels of security clearance (up to TS/SCI).

Information Sharing and Relationship Building: Develop relationships with classified information custodians across HHS to facilitate necessary information sharing. Engage with external cybersecurity organizations to facilitate the exchange of information. Participate in classified briefings and contribute to information sharing initiatives aimed at enhancing collective cybersecurity defenses.

Support Threat Briefings: Develop and deliver threat briefings that cater to both technical and non-technical audiences. This includes assisting in the development of detailed threat landscape reports and intelligence summaries for leadership, using qualitative and quantitative analysis, and integrating findings from tools such as Intel 471 and Mandiant.

Collaboration and Stakeholder Engagement: Assist in building relationships with both internal and external cybersecurity stakeholders, including industry partners. Support efforts to enhance the sharing of threat intelligence and ensure that the HHS Cybersecurity Operations team remains informed on emerging threats and vulnerabilities.

Required:

• Bachelors degree and 4 years of experience
• CompTIA Security+, or Certified Ethical Hacker (CEH), or GIAC Cyber Threat Intelligence (GCTI)
• Strong knowledge related to the current state of cyber adversary tools, techniques, and tactics
• Broad understanding of network architecture and network security methods, including capabilities and limitations.
• Experience with basic malware analysis
• Strong analytical skills and the ability to effectively research, write, communicate, and brief varying levels of audiences to include at the executive level

Desired:

• Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses is a plus
• Knowledge of the TCP/IP networking stack and network IDS technologies, a plus

Location:

• This is a hybrid role with expectations of being on the client site at times in Washington, DC

Clearance: TS/SCI Eligible

Compensation:

• Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.