Cyber Intelligence Analyst
The Federal Reserve Bank of San Francisco believes in the diversity of our people, ideas, and experiences and is committed to building an inclusive culture that is representative of the communities we serve.
Area Overview: The National Incident Response Team (NIRT), a national service provider for the Federal Reserve System (FRS), delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the FRS. The mission of NIRT is to play a leading role in the efforts to protect its information systems against unauthorized use.
Job Description: NIRT is seeking a highly-motivated and experienced Cyber Intelligence Analyst. As a senior level analyst, you will be provided an opportunity to work with a group of highly-skilled cyber intelligence analysts to defend the FRS from current and future cyber threats. You will analyze and track significant current events, threat actors, campaigns, tactics, techniques, and procedures (TTPs), and malware with the purpose of synthesizing information, identifying cause and effect, and understanding impact to current risk posture. You will analyze both raw and finished intelligence with an emphasis on the production of operational intelligence products to drive NIRT's security posture, inform FRS information security and technology practitioners and managers, assess exposure, identify controls or mitigations, and better inform their awareness of ongoing cyber threat activity. You will collaborate with other intelligence analysts and groups within NIRT to ensure cyber intelligence is being effectively produced and utilized.
- Collects, assesses and analyzes intelligence reports from different sources and disciplines
- Synthesizes and places intelligence information into context; draws insights about the possible implications
- Understands the overall threat landscape; knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored])
- Monitors and demonstrates the deep web to gather intelligence about threat methods and actors to improve the Bank's intelligence products
- Reviews threats and provides analysis on how they relate to FRS environments
- Monitors open source, social media, and other channels to report findings through various alerts
- Produces internal intelligence reports to characterize threats based on observed FRS cyber activity through incident analysis and campaign tracking
- Communicates tactical and strategic threat information to business leaders to assist them in making cyber risk decisions and to mitigate threats
- Produces cyber intelligence reports communicating technical issues to a broad audience including information security staff, non-technical business representatives and senior management
- Performs dedicated hunting for intelligence related to malicious activity that can impact the FRS' network and digital assets
- Provides cyber intelligence training through experienced understanding of TTPs of cyber threat actors
- Attends industry trade shows and networking events to expand body of knowledge
- Develops and executes plans for intelligence requirements, analytic products and supporting workflows
- Influences the selection of tools and development of tradecraft
- Collaborates with partners to translate cyber intelligence into an instrumentation and detection strategy
- Delivers intelligence briefings to partners as necessary
- Correlates geopolitical events with changes in cyber risk
- Identifies long-term attack/actor trends and translates them into potential business impact (long-term risk)
- Develops and maintains an intelligence production style guide and templates
- Provides input to Intelligence Management processes
- Reviews intelligence products going to external partners (assures products include assessment and not just facts, and accurately convey urgency, severity, and credibility)
- Engages with client partners to identify intelligence and information requirements
- Builds and maintains customer intelligence portfolios
In addition to the required skills above, the FRS prefers individuals with the following skills:
- Plans and coordinates the development and implementation of improvements in one or more cyber intelligence areas of responsibility
- Prioritizes collection, analysis and production tasking for junior analysts
- Shares a point of view and mentorship to other team members on improvements: collection optimization, operational intelligence analysis, or strategic intelligence analysis
- Responsible for the development of analytic products, collection plans or detection capabilities
- Reviews intelligence products for consistency to analytic standards
- Envisions and proposes cross-team initiatives to implement cyber security improvements for recognized gaps
- Serves as an authority to external NIRT partners through regular engagements or workgroup assignments
- Represents NIRT's services and interests with business area, District, and National IT functions
- Runs large scale or long term projects in support of NIRT, National IT, or System initiatives
Required: Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis, or a domain related field or an equivalent combination of education and work experience.
Preferred: Master's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis. Related discipline and experience in security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and experience.
Required: Typically requires 8 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience in computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, or cyber intelligence; experience in significant computer network defense discipline.
Preferred: Typically requires 10-12 years of combined IT and/or security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 8 years in relevant computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, cyber intelligence or engineering principles discipline.
Additional Qualifications or Requirements
- Ability to obtain and maintain National Security Clearance.
- Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms
- Extensive experience in designing and implementing security solutions
- Deep understanding of computer network defense, computer network exploitation, incident response, computer forensics, malware reversing, or cyber intelligence.
The Federal Reserve Bank of San Francisco is an equal opportunity employer