Cyber Intelligence Director
- Military veterans preferred
2020-02-04 SAIC (www.saic.com)
Reston Virginia 20190 United States
The Director of the Cyber Threat Intelligence & Integration Center (CTIIC) will stand up and put into production the CTIIC organization and office space and will develop services that provide integrated all-source intelligence analysis related to foreign and national cyber threats and cyber incidents affecting SAIC interests to include potential customer networks. The Director will integrate the Corporate Security Operations Center (CSOC) and the Cyber Incident Response Team (CIRT) to create a team that will provide world class cyber threat intelligence and incident response capabilities to both SAIC and its customers. Once established, the CTIIC will transition to a completely customer-focused capability.
What You Will Be Doing
Lead and develop the CTIIC function/organization within the Office of the Chief Information Security Officer (CISO)
Contribute to the strategic leadership of Defensive Cyber Operations for SAIC and its customers. Provides Threat Intelligence analysis supporting the Corporate CISO and clients 24x7x365 operations center. Contributes to a team of information assurance professionals working with Intrusion Detection Systems (IDS) software and hardware, analyzing IDS data, writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.
Serve as the Cyber Threat Intelligence & Integration Director in support of SAIC’s Corporate Network. This organization provides cyber security services; monitors and protects SAIC’s and its customers’ personnel, information and data, to include Controlled Unclassified Information (CUI), and information systems from cyber threats; and provides timely and relevant intelligence to assist with mitigating cyber threats confronting SAIC and its customers.
The Director will support the CISO’s overall cyber monitoring and incident response efforts. They must have the political acumen and the confidence to reach out and work with other agencies and industry stakeholders, to share threat information and work together to advance threat hunting capabilities. Ensures that relevant threat indicators are infused in all aspects of operations.
Must have a background in cyber threat analysis, intelligence analysis and reporting, intrusion detection/response, and emerging technologies. They must also understand security vulnerabilities and malicious actor tactics, techniques, and procedures (TTPs) to assess known and emerging cyber threats and better evaluate the effectiveness of layered defenses and to provide strategic recommendations on new technical and non-technical protections.
Drive the integration with, and direct support to, the CSOC and the CIRT enabling detection engineering, threat hunting, incident response, purple team and forensic analysis.
Cultivate and maintain relationships with all the CISO teams to provide direct interactive intelligence support such as threat vulnerability management, and governance, risk, and compliance.
Develop close working partnerships across the business with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
Bring to bear executive experiences and successes as a leader in this space to be a global standard bearer for cyber intelligence within the broader cybersecurity community.
Respond to high-priority requests for information/intelligence from senior leaders of corporate program and projects.
Provide direction and ownership over team products; assist with drafting, editing, critiquing, and proofreading threat intelligence estimates, briefs, assessments, and memorandums.
Develop industry contacts and relationships to enhance intelligence sharing and standard methodologies.
Lead analytic projects from start to finish, prioritizing time, conducting data analysis and effectively communicating results to both technical and non-technical audiences.
Develop internal documentation, such as detailed procedures, SOPs, playbooks, and operational metrics reports as required.
What You Bring Along
5+ years of Director+ experience leading high-functioning cyber/threat strategic planning and intelligence teams.
At least seven years of experience in the Intelligence Community.
15+ years of experience with intelligence analysis and fusion.
Comfort with ambiguity, and a self-starter capable of working multi-functionally with engineering, policy, legal, audit, and business teams.
Solid ability to understand, prioritize, and execute priorities with minimal direction.
Exceptional critical thinking, writing, and presentation skills that properly qualify assessments with concise, relevant, and accurate statistics and communications.
Excellent written communication skills and the demonstrable ability to understand and present complex, high-quality intelligence assessments to both technical and nontechnical audiences, including senior leaders.
Proven track record of successfully managing and executing on short-term and long-term projects and the ability to build relationships with various roles (executive management to deeply technical).
Experience with collecting, analyzing, and interpreting qualitative and quantitative data from various sources.
Ability to understand, contextualize, and communicate current and developing cyber threats.
In-depth knowledge of MITRE ATT&CK and the cyber kill chain.
A deep understanding of Advanced Persistent Threats (APTs) and associated Tactics, Techniques, and Procedures (TTPs).
Clear understanding of intelligence enrichment practices.
Thorough knowledge and experience with planning processes, critical analysis—particularly opportunities analysis—and consensus building.
Substantial experience harnessing cross-organization perspectives and insights to deliver comprehensive intelligence support to operational or policy decision-making efforts.
Substantial experience providing opportunities analysis and intelligence support—preferably in collaboration with the broader IC—to aid the development of USG efforts under various authorities to counter foreign threats, such as threats involving adversary cyber activity, WMD proliferation, or state support to terrorism.
Superior ability to develop innovative and flexible solutions for complex cross-organizational issues, making key contributions to group efforts through personal initiative and effective collaboration.
Thorough knowledge and experience with the mission, charter, roles and responsibilities of the IC and the interrelationships of its customers and stakeholders.
Superior ability to lead cross-organizational planning efforts for complex projects, taking into account a diverse range of considerations and ensuring that the activities can be successfully completed.
Foundational cyber skills: Networking, Applications, Encryption, System/Application vulnerabilities and exploitation, Operating systems, Cloud technology, and malware or behaviors exploiting these systems.
BA/BS degree or higher in International Relations, Security Studies, Intelligence Studies, Political Science, Cyber Security, Computer Science, Information Systems, or related technical field.
CISSP, CISM or related SANS certifications, or relevant technical experience preferred. Or, be willing to obtain CISSP within 6 months of employment.
Experience in threat modeling methods to identify, analyze and prioritize cyber threats.
Prior military or intelligence community experience and/or formal analytic training/certification.
Two years of experience with assessing cyber threat groups, attack methodologies, attack surface comprehension, spear phishing, research/validation of new cyber threat TTPs.
Experience writing contract deliverables and short suspense products to stakeholders.