Senior Cyber Threat Intelligence Analyst

Clearwaters.IT is seeking an experienced Senior Cyber Threat Intelligence Analyst to support a program within the Department of Commerce. This position will be responsible for optimizing and managing threat intelligence processes, identifying and analyzing adversarial tactics, methodologies, and gaps in cybersecurity defenses. The Senior CTI Analyst will collaborate with internal and external stakeholders to produce critical intelligence products, report on emerging threats, and assist with operational planning to defend against cyber adversaries. This position requires deep expertise in all-source cyber threat intelligence collection, analysis, and reporting, with the ability to translate intelligence into actionable recommendations for cybersecurity operations and decision-making. This position is on-site in Washington D.C. This position is contingent on the award.

Develop and lead the Cyber Threat Intelligence (CTI) team, including mission definition, process optimization, task management, and documentation.

1. Identify threat tactics, methodologies, intelligence gaps, and shortfalls.
2. Be on call before and after the normal hours of operation including weekends and holidays.
3. Provide subject matter expertise to the development of cyber operations indicators and support intelligence requirements.
4. Monitor and assess open-source and classified cyber threat intelligence (CTI) sources at tactical, operational, and strategic levels, including social media, code-sharing platforms, and the darknet.
5. Analyze and report adversarial activities relevant to the Department of Commerce (DOC)’s IT systems, missions, and leadership information priorities.
6. Track and assess Advanced Persistent Threats (APT), cybercriminals, and hacktivist groups.
7. Produce and deliver timely, fused, all-source cyber intelligence products such as: Threat Assessments, Briefings, Intelligence Studies, Country Studies, APT and Cybercriminal Tracker Reports, Cyber Threat Intelligence Reports, Vulnerability and Mitigation Reports, Incident and Malware Analysis Reports, Ongoing Alert Reports.
8. Provide Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) to Security Operations Center (SOC), Threat Hunt, Forensics, and Penetration Testing teams.
9. Respond to Prioritized Intelligence Requirements (PIRs) from DOC leadership and provide associated analysis reports and feedback.
10. Create and deliver cyber threat briefings to key cybersecurity stakeholders and DOC senior leadership.
11. Support exercises, planning activities, and time-sensitive cyber operations with intelligence analysis and reporting.
12. Continuously update and maintain the Cyber Threat Intelligence Standard Operating Procedures (SOP) and related processes.
13. Recommend CTI program and policy enhancements, perform risk assessments, and advise leadership on mitigation strategies.
14. Review and synthesize Open-Source Intelligence (OSINT) and Closed-Source Intelligence to evaluate exposure, historical threats, and potential attack vectors.
15. Provide timely notice of imminent or hostile activities that may impact organizational objectives, resources, or capabilities.
16. Report intelligence-derived significant network events and intrusions.
17. Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and current.
18. Draft and submit Intelligence Collection and Production Requirements to the intelligence community.
19. Enable synchronization of intelligence support plans across DOC and partner organizations.
20. Establish and maintain strong collaborative relationships with: Department of Homeland Security (DHS) intelligence programs, law enforcement agencies, and federal intelligence teams.
21. Coordinate with collection managers, planners, and external stakeholders (including CIO, CISO, BOC CIRT, DHS) to ensure alignment of intelligence needs and delivery of actionable insights.

Minimum qualifications include:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field (Master’s preferred).
• At least 7 years of experience in cyber threat intelligence, cybersecurity operations, or related fields.
• Active TS/SCI Security Clearance.
• Relevant certifications such as CISSP, GIAC GCTI, CEH, or others.
• Proven leadership and team management experience in cyber threat intelligence.
• Expertise in analyzing adversary TTPs and familiarity with the MITRE ATT&CK Framework.
• Proficiency with threat intelligence platforms (e.g., Anomali, ThreatConnect), SIEM systems, and analysis tools.
• Experience with OSINT and all-source intelligence analysis techniques.
• Strong understanding of the cyber threat landscape, including adversarial groups and tactics.
• Experience within the federal government or similar public sector organizations.
• Excellent analytical, written, and verbal communication skills.
• Ability to collaborate across teams and lead initiatives.

Competitive salary and benefits include health, dental, and vision insurance; 401(k) with match; PTO; professional development; and other benefits.