Cyber Intelligence Analyst Quantico (Marine Base) in the Russel-Knox building


Full-time all-source threat intelligence assessment is needed to assist the Defense Counterintelligence and Security Agency (DCSA) Counterintelligence (CI) Directorate.

Project Scope:

This project supports the assessment of all-source intelligence, most notably HUMINT and OSINT, for the purpose of analyzing cyber and other threats and sharing information across the IC.

All-Source Threat Intelligence Assessment Analyst


Required:  each CI analyst/assessor must have an active TS/SCI security clearance and have the background and skills to function in a CI/cyber threat intelligence analyst capacity.  Cyber threat intelligence expertise is preferred over purely CI background; however both are desired..

Highly Desired Expertise/Familiarity in the Following:

  • Online Tasking and Reporting (Chrome); Intelligence Information Report (IIR) Processing
  • Intelink-S;
  • M3 message retrieval system;
  • Palantir and/or Fade Mist is highly desirable; For Level II analyst—these must be easy to learn.
  • Microsoft Office Suite;
  • Two (2) years’ experience with CI or cyber threat analysis of collection reporting;
  • Possess specialized CI functional training (a DoD military service or DIA CI credential producing course or the JCITA Functional Analysis course);
  • Experience with intelligence data collection from multiple sources, leveraging automated and non-automated processes;
  • Experience communicating the analysis of cyber threats (written and oral) at both a strategic and operational level to technical and non-technical government and industry personnel;
  • Experience leveraging cyber analytic frameworks to analyze cyber threats and assess their risk;
  • Knowledge of multiple operating system fundamentals, understanding and practical experience with core Internet protocols (e.g., TCP/IP, IP, UDP, DNS, SMTP, HTTP, etc), intrusion methodologies in a Windows or Unix/Linux environment, basic malicious activity concepts as well as the structure, approach and strategy of exploitation tools and techniques, basic physical computer components and architecture;
  • General knowledge of the functions of various security infrastructure such as firewalls, intrusion prevention/detection systems, proxy servers, email controls, anonymizing technology, and SIEM;
  • General knowledge of web application technologies;
  • General knowledge of network and systems forensics;
  • General understanding of AWS, Azure and/or Google Cloud;
  • Comprehensive understanding, analyzing and tracking the cyber threat landscape, including identifying and analyzing cyber threats actors, APT TTPs and/or activities to enhance cyber security posture of an the organization’s IT operating environment;
  • Well-versed in security operations, cyber security tools, and Open Source information gathering from public and private sources;
  • Be knowledgeable with search tools, link analysis tools, and peer-to-peer tools and apply the tools to the requirements;
  • Have competency and capacity to make continuing contributions to advancing the knowledge and understanding of the threat within the CI community program;
  • Shall be skilled in recognizing emerging CI issues/threats to promote to industry the value of DCSA CI collaboration;
  • Experience in Intelligence reporting, to include Intelligence Information Reports (IIR) and Investigative correspondence (e.g., activity reports {AR}) consistent with community standards;
  • Extensive knowledge of structured analytic techniques and analytical tradecraft;
  • Deep understanding of Cyber Kill Chain;
  • Ability to analyze Cyber network events and determine their impact on current operations through all-source intelligence.
  1. All-Source Threat Intelligence Assessment Analyst Representative Tasks (as required by TPOC):
  • Provide strategic, operational and tactical analysis and advice in support DCSA CI government leadership through the wide range of CI and CI Support activities;
  • Develop and maintain subject matter expertise on current global, developing country- and region-specific threat actors;
  • Plan, prioritize, and forecast analytic projects;
  • Meet Intelligence Community tradecraft standards;
  • Comport with timelines, classification, topical scope, depth and format as requested by DCSA CI;
  • Assist in developing collection requirements and association support products;
  • Develop downgrade and tear-line requests;
  • Research, develop, and submit requests for information (RFIs);
  • Review analytic findings;
  • Develop evaluations and feedback of intelligence community reporting;
  • Conduct all-source intelligence research;
  • Develop analytical products, including high quality briefings and written reports, which are coordinated with appropriate Intelligence Community agencies and made available on collaborative forums;
  • Conduct all-source CI analysis to identify adversary strategic intent and objectives, decision-making processes and influences, capabilities, strategy, and operational plans;
  • Develop, produce and present products to include well researched, in-depth multi-source analytical reports, studies, papers, senior leader-level executive summaries, briefings, and charts/graphics;
  • Provide analytical support for the development, validation, implementation and modification of current and evolving DCSA CI operational planning documents;
  • Identify related intelligence gaps; developing appropriate collection and production strategies, RFIs, and requirements to address information shortfalls; and submitting, tracking, and reporting on the status of requirements;
  • Attend and support designated Government meetings to include periodic training, conferences, and production;
  • Identify and prioritize multi-discipline threats to DoD assets and the Defense Industrial Complex;
  • Provide senior level expertise and advice to the DCSA CI Directorate leadership on the national security as an expert in the field of Cyber CI analysis, investigations and operations and performs in-depth research, compilation, collaboration and analysis of a wide range of extremely complex and sensitive information to determine Cyber Foreign Intelligence Entity (FIE) threats to US interests;
  • Apply standards applicable to CI cyber threat analysis or operations;
  • Understand the threat to Cleared Contractors (CC) and build risk-based products to advocate risk-based decision making; working closely with CI Special Agents (CISAs) and Industrial Security Representatives (ISR) at remote locations;
  • Utilize data analysis, threat intelligence, and cutting-edge security technologies to defend against adversarial activity by collecting intelligence and producing tailored analysis to drive active cyber defense efforts;
  • Identify cyber threats, trends and new developments on various cybersecurity topics by analyzing open-source intelligence and data;
  • Support cyber threat intelligence collection, analysis, production, and dissemination of finished reporting products to internal security operations teams, information technology teams, enterprise risk management teams, executive decision makers, and DCSA key mission partners;
  • Identify and monitor the Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors by analyzing open-source intelligence and data;
  • Make analytical predictions about cyber adversaries and their future activities based upon known TTPs;
  • Coordinate with external peers and cyber intelligence sharing groups to share and consume intelligence data surrounding relevant cyber threats;
  • Provide services in various areas of counterintelligence working groups and analytical/operational exchanges;
  • Perform both analytical and operational support to on-going and completed cyber/information operations, identify vulnerability to foreign intelligence and security services activity and make recommendations for improvements and changes;
  • Review reporting of new incidents submitted to a centralized reporting database to speed triage, analysis, sharing, and bolstering cyber defense within cleared industry;
  • Prioritize cyber reporting by DCSA severity schema;
  • Produce finished intelligence products IAW intelligence community and DoD standards;
  • Engage with DCSA elements internal and external to CI;
  • Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency;
  • Respond to ad-hoc taskers;
  • Required and daily tasks include: Triage, analysis and production of CI ARs, metric reports, and other types of reports as required by the TPOC.  Produce IIRs.


To apply for this job email your details to

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt

Start typing and press Enter to search