Cyber Security Threat Intelligence Analyst (Jr. to Sr. Level)

Job Description:

The ideal threat intelligence candidate identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities, and produces findings that help initiate or support law enforcement and counterintelligence investigations or activities. ZeroDay Partners is seeking candidates with the following capabilities to be considered for incoming opportunities:

Potential Responsibilities: The following is a list of skills that the ideal candidate will have experience in. Depending on the specific role within the team, the responsibilities may vary from the list below.
  • Answer requests for information.
  • Provide subject matter expertise to the development of a common operational picture. 
  • Maintain a common intelligence picture.
  • Provide subject matter expertise to the development of cyber operations specific indicators.
  • Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities.
  • Assist in the identification of intelligence collection shortfalls.
  • Brief threat and/or target current situations.
  • Collaborate with intelligence analysts/targeting organizations involved in related areas.
  • Conduct in-depth research and analysis.
  • Conduct nodal analysis.
  • Develop information requirements necessary for answering priority information requests.
  • Evaluate threat decision-making processes.
  • Identify threats to Blue Force vulnerabilities.
  • Generate requests for information.
  • Identify threat tactics and methodologies.
  • Identify intelligence gaps and shortfalls.
  • Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets.
  • Monitor and report on validated threat activities.
  • Monitor open source websites for hostile content directed towards organizational or partner interests.
  • Monitor operational environment and report on adversarial activities which fulfill leadership’s priority information requirements.
  • Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies).
  • Provide subject-matter expertise and support to planning/developmental forums and working groups as appropriate.
  • Provide current intelligence support to critical internal/external stakeholders as appropriate.
  • Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations.
  • Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations.
  • Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations.
  • Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.
  • Report intelligence-derived significant network events and intrusions.
  • Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date.

Preferred Knowledge:

  • Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities. 
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of human-computer interaction principles.
  • Knowledge of network traffic analysis methods.
  • Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless).
  • Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of website types, administration, functions, and content management system (CMS).
  • Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
  • Knowledge of classification and control markings standards, policies and procedures.
  • Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
  • Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
  • Knowledge of current computer-based intrusion sets.
  • Knowledge of cyber intelligence/information collection capabilities and repositories.
  • Knowledge of cyber operations terminology/lexicon.
  • Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
  • Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL/TLS, PGP).
  • Knowledge of evolving/emerging communications technologies.
  • Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects.
  • Knowledge of general Supervisory Control and Data Acquisition (SCADA) system components.
  • Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.
  • Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
  • Knowledge of how modern digital and telephony networks impact cyber operations.
  • Knowledge of how modern wireless communications systems impact cyber operations.
  • Knowledge of how to extract, analyze, and use metadata.
  • Knowledge of intelligence disciplines.
  • Knowledge of intelligence preparation of the environment and similar processes.
  • Knowledge of intelligence support to planning, execution, and assessment.
  • Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions.
  • Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
  • Knowledge of malware.
  • Knowledge of operations security.
  • Knowledge of organizational hierarchy and cyber decision-making processes.
  • Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
  • Knowledge of telecommunications fundamentals.
  • Knowledge of the basic structure, architecture, and design of modern communication networks.
  • Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honeypots, perimeter protection).
  • Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • Knowledge of the ways in which targets or threats use the Internet.
  • Knowledge of threat and/or target systems.
  • Knowledge of virtualization products (VMware, Virtual PC).
  • Knowledge of what constitutes a “threat” to a network.
  • Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Preferred Skills:

  • Skill in conducting non-attributable research.
  • Skill in conducting research using the deep web.
  • Skill in defining and characterizing all pertinent aspects of the operational environment.
  • Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
  • Skill in evaluating information for reliability, validity, and relevance.
  • Skill in identifying alternative analytical interpretations to minimize unanticipated outcomes.
  • Skill in identifying critical target elements, to include critical target elements for the cyber domain.
  • Skill in identifying cyber threats which may jeopardize organization and/or partner interests.
  • Skill in preparing and presenting briefings.
  • Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.
  • Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).
  • Skill in using Boolean operators to construct simple and complex queries.
  • Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.).
  • Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches.
  • Skill in utilizing feedback to improve processes, products, and services.
  • Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
  • Skill in writing, reviewing, and editing cyber-related intelligence/assessment products from multiple sources.

Preferred Abilities:

  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. 
  • Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
  • Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes.
  • Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
  • Ability to effectively collaborate via virtual teams.
  • Ability to evaluate information for reliability, validity, and relevance.
  • Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
  • Ability to focus research efforts to meet the customer’s decision-making needs.
  • Ability to function effectively in a dynamic, fast-paced environment.
  • Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
  • Ability to identify intelligence gaps.
  • Ability to recognize and mitigate cognitive biases which may affect analysis.
  • Ability to recognize and mitigate deception in reporting and analysis.
  • Ability to think critically.
  • Ability to think like threat actors.
  • Ability to utilize multiple intelligence sources across all intelligence disciplines.

Preferences:

  • Completion of a Bachelor’s degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience).
  • 1+ years of experience as a cyber security analyst or related role.
  • Certifications preferred but not required.