Senior Cyber Threat Intelligence (CTI) Analyst

Clarification from the agency

All US Citizens

In this role, you will be responsible for proactively identifying, analyzing, and communicating cyber threats relevant to the organization by leveraging advanced threat intelligence methodologies, frameworks (such as MITRE ATT&CK), and collaborative partnerships to inform and enhance the organization's cyber defense posture. This role plays a critical role in enabling the Security Operations Center (SOC) to move from reactive incident response to proactive, intelligence-driven defense. By illuminating adversaries, informing detection and response, and fostering a culture of collaboration and knowledge sharing, this role directly contributes to the resilience and security of the SEC.

In this role as a Senior Cyber Threat Intelligence (CTI) Analyst, you will be responsible for:

• Producing high-quality written and verbal intelligence products, including threat assessments, briefings, and technical reports for diverse audiences.
• Working closely with SOC analysts, incident responders, detection engineers, and vulnerability management teams to contextualize threats and drive intelligence-led defense.
• Analyzing adversary tactics, techniques, and procedures (TTPs), campaigns, and threat actor profiles to produce actionable intelligence for SOC operations and executive stakeholders.
• Leading or participating in threat hunting activities, leveraging CTI to generate hypotheses and identify previously undetected malicious activity.
• Translating intelligence findings into technical detection requirements, such as SIEM rules, EDR analytics, and custom signatures.
• Developing and maintaining threat models and using frameworks such as MITRE ATT&CK to map adversary behaviors and inform detection and response strategies.
• Driving continuous improvement of CTI processes, including intelligence requirements, collection management, and feedback loops.
• Collecting, processing, and fusing cyber threat intelligence (CTI) from internal and external sources, including open-source intelligence (OSINT), commercial feeds, government advisories, and information sharing groups.
• Tuning and optimizing detection and response capabilities based on evolving threat intelligence and lessons learned from incidents.
• Contributing to the development and maintenance of threat intelligence platforms (TIPs) and automation workflows.

Conditions of employment

• CITZENSHIP: You must be a US Citizen.
• SELECTIVE SERVICE: Males born after 12/31/59 must be registered or exempt from Selective Service (see https://www.sss.gov/).
• SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
• PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
• DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
• PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
• The selectee is required to report to the duty station(s) listed.
• The duties of this position may require the incumbent to carry a cell phone and be on call 24 hours a day, seven days a week on a rotational basis, based on the needs of the organization.
• The candidate must be able to obtain/maintain a Top Secret security clearance.

Qualifications

Applicants are responsible for confirming all required materials are submitted by the closing date of the announcement. Please check the How You Will Be Evaluated and Required Documents sections carefully, as missing documents will render the application incomplete and ineligible for review.

Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

BASIC REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement below.

SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:

1. Collecting and handling information about emerging cyber threats;
2. Utilizing structured methodologies to analyze how attackers behave;
3. Sharing cyber threat intelligence with security teams and mission partners to protect systems; and
4. Delivering cyber threat assessments that help organizational leaders make informed decisions.

ACCOMPLISHMENT RECORD COMPETENCIES: Your Accomplishment Record narratives should address the following competencies. See the How You Will Be Evaluated section below for more information:

• Cyber Defense Analysis: Uses defensive measures and information collected from a variety of sources to identify, analyze, and
  report events that occur or might occur within the network to protect information, information systems, and networks from threats.
• Critical Thinking: Considers a variety of factors, general and subject matter-specific, when making decisions and determining next steps.
• Technical Communication: Translates technical information into non-technical terms and accurately convey technical information to end users (e.g., staff, management) and outside parties, including the technical documentation of applications, systems, Standard Operating Procedures, etc.
• Artificial Intelligence and Machine Learning: Uses principles, methods, and tools to design or implement systems that perform and apply human-like intelligence functions such as those that use neural networks, deep learning, natural language processing, and image recognition.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

You will be evaluated for this position based on how well you meet the qualifications listed in this announcement.

This position is being advertised through the Office of Personnel Management's (OPM) Delegated Direct-Hire Authority (5 U.S.C. Section 3304 and 5 CFR Part 337, Subpart B) and is open to All U.S. Citizens. Under this authority, competitive rating, ranking and veterans' preference procedures do not apply.

Your resume and application package will first be reviewed to determine whether you meet the minimum qualification requirements outlined in the announcement. If you are found minimally qualified, the Office of Human Resources will contact you to request an Accomplishment Record. You will have 3 business days from the date of the request to submit it. Failure to submit the Accomplishment Record on time will remove you from further consideration. Because of the short turnaround time, you are strongly encouraged to begin preparing your Accomplishment Record in advance.

Once your Accomplishment Record is received, a rating panel will review both your resume and your narrative responses. Your Accomplishment Record must clearly demonstrate your proficiency in the competencies listed in the Qualifications section.

Click here for guidance on writing your Accomplishment Record.

Your resume must provide evidence that supports the claims in your Accomplishment Record. Each narrative must describe one specific, relevant example from your experience or training. Responses are limited to 300 words per competency; any text beyond this limit will not be reviewed.

You must provide one document containing your narrative responses for all four competencies. Failure to address each competency annotated on the announcement or failure to provide the correct document will result in loss of further consideration. Please note: A Performance Appraisal does not satisfy the requirement for an Accomplishment Record.

Required Accomplishment Record Format:

Applicant First Name and Last Name
Competency Title

• Position title and dates from your resume that this experience was obtained
• Describe the situation (i.e., the challenged faced, the problem solved)
• Describe the specific actions you took
• State the outcome, results, or long-term impact of your accomplishment
• Name and email address of someone who can verify this information

Reference checks may be conducted as part of the final selection process, and you will be notified before any contacts are made.

Basis for Rating: The rating panel will evaluate applicants' accomplishment records and resume, and then place them into one of the following categories:

• Pass - Meets the minimum qualification requirements and has at least a moderate amount of skills and experience in most of the job related competencies.
• Fail - Meets the minimum qualification requirements, but has only limited experience in several of the job related competencies.

Passing applicants will be referred to the hiring office for further review and consideration. The hiring office may directly contact recommended candidates for interview(s).

To preview the Questionnaire, click https://apply.usastaffing.gov/ViewQuestionnaire/12988315

You must provide a complete Application Package, which includes:

• Required: Your responses to the Questionnaire.
• Required: Resume - Resumes should include relevant work experience, with specific employment dates, that demonstrates qualifications for the specialized experience and competencies as outlined above. If your resume does not reflect demonstrated evidence of these qualifications, you may not receive consideration for the position. Resumes that exceed two pages will be deemed ineligible and receive no further consideration. For resume writing tips, visit USAJOBS and the SEC careers page.
• Required, if applicable: CTAP/ICTAP documentation (a copy of a separation notice or other proof of eligibility for priority selection; a copy of an SF-50, Notification of Personnel Action, showing current position, grade, promotion potential, and duty location; AND a copy of your most recent performance appraisal.)

Next steps