SBA - Cyber Threat Intelligence Analyst

Cyber Threat Intelligence Analyst Job Description Position: Cyber Threat Intelligence Analyst Program: SBA Enterprise Cybersecurity Services (ECS)Position Summary The Cyber Threat Intelligence Analyst supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by delivering advanced cyber threat intelligence, threat analysis, proactive threat hunting, and operational cybersecurity support services. The Cyber Threat Intelligence Analyst is responsible for collecting, analyzing, correlating, and disseminating actionable cyber threat intelligence to support the SBA Security Operations Center (SOC), cybersecurity operations, incident response activities, and enterprise risk mitigation efforts. The position supports 24x7x365 cybersecurity operations through advanced analysis of indicators of compromise (IOCs), adversary tactics, techniques, and procedures (TTPs), emerging vulnerabilities, and threat actor activity impacting federal information systems and cloud environments.Essential Duties and Responsibilities

• Provide cyber threat intelligence and operational analysis support for the SBA SOC in support of Task Area 3.5.3 Cybersecurity Operations Support.
• Conduct proactive cyber threat hunting activities across enterprise systems, cloud environments, endpoints, and network infrastructure.
• Analyze indicators of compromise (IOCs), threat actor tactics, techniques, and procedures (TTPs), malware behaviors, and emerging cyber threats.
• Monitor and evaluate cyber threat intelligence feeds, vendor reporting, CISA advisories, US-CERT alerts, and external intelligence sources.
• Perform advanced correlation and analysis of security events, SIEM data, IDS/IPS alerts, EDR telemetry, DNS logs, firewall logs, and network traffic.
• Support incident response and cybersecurity investigations through intelligence-driven analysis and threat attribution support.
• Develop cyber threat intelligence reports, operational briefings, situational awareness products, and executive-level summaries.
• Assist with the identification of previously unknown attack vectors and suspicious activity through threat hunting and anomaly analysis.
• Support digital forensics and incident analysis activities in coordination with SOC analysts, engineers, and incident responders.
• Develop and maintain threat intelligence playbooks, threat models, attack scenarios, and adversary profiles.
• Perform analysis of cloud security events and cyber threats impacting Microsoft 365, Azure, AWS, Salesforce, and hybrid cloud environments.
• Conduct research on advanced persistent threats (APTs), ransomware groups, insider threats, nation-state actors, and emerging cyber attack trends.
• Provide recommendations for defensive countermeasures, detection logic improvements, and enhanced security monitoring capabilities.
• Assist in the development of threat signatures, SIEM use cases, detection analytics, and threat detection content.
• Support continuous improvement of cybersecurity operations, threat intelligence workflows, and incident response processes.
• Coordinate with federal stakeholders, law enforcement, privacy officials, insider threat teams, and mission partners during cyber incident activities.
• Document investigative findings, intelligence assessments, and operational actions within case management and reporting systems.
• Participate in SOC operational meetings, shift briefings, incident coordination calls, and cybersecurity readiness activities.
• Maintain awareness of evolving cybersecurity technologies, federal threat reporting requirements, and NIST cybersecurity guidance.
• Support cybersecurity communications, intelligence sharing, and collaboration activities across the SBA enterprise.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Intelligence Studies, Information Assurance, or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 5 years of experience supporting cybersecurity operations, cyber threat intelligence, threat hunting, incident response, or SOC operations.
• Experience analyzing threat intelligence, indicators of compromise, adversary TTPs, and cybersecurity attack methodologies.
• Hands-on experience with SIEM, EDR, IDS/IPS, network analysis, and cyber defense tools.
• Experience conducting threat hunting and advanced event correlation across enterprise environments.
• Knowledge of federal cybersecurity frameworks and guidance including NIST SP 800-61, NIST SP 800-53, and CISA operational guidance.
• Understanding of MITRE ATT&CK framework and cyber kill chain methodologies.
• Experience with cloud security monitoring and threat analysis in Microsoft Azure, AWS, Microsoft 365, and hybrid environments.
• Strong analytical, investigative, communication, and reporting skills.
• Ability to support 24x7x365 cybersecurity operational environments.

Preferred Certifications

• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Security Professional (CISSP)
• CompTIA CySA+
• Certified Ethical Hacker (CEH)
• Splunk Enterprise Security Certified Admin
• Microsoft Security Operations Analyst Associate (SC-200)

Apply tot his job Apply To this Job