Cyber Threat Intelligence Analyst

Mitre Corporation
  • Location
    McLean, Virginia
  • Sector
  • Experience
    Mid Career
  • Posted
    Nov 14

Position description

MITRE’s Cyber Operations and Effects Tech Center seeks creative cyber threat intelligence analysts with critical thinking skills and an interest in applying their unique understanding of the adversary in order to support missions ranging from defensive cyber operations and adversary emulation to cyber effects to achieve mission objectives.

MITRE seeks technical candidates with a strong background in cyber threat analysis, intelligence analysis, and cybersecurity in order to support engaging sponsor missions related to defensive, adversary emulation, and offensive objectives.  The right candidate will have a deep understanding of advanced persistent threat (APT), criminal, insider threat, and other unique adversaries’ tactics, techniques, and procedures (TTPs) used against traditional and non-traditional networks and targets.  In this role, you will identify, evaluate, and analyze adversaries in support of red, blue, and purple missions.  Strong knowledge of cyber threat intelligence open source, commercial, and classified threat feeds, data repositories, reports, and platforms combined with cybersecurity technical knowledge is critical to conduct tactical, operational, and strategic support.  You will have the opportunity to evaluate tools and methodologies, assess adversary intent and capability, develop approaches to automate cybersecurity operations, support cyber effects targeting, and engage in research to improve the state of the practice.  We work across MITRE’s R&D centers in the federal civilian sector and national security space in addition to collaborating with industry and standards organizations.   

Key Functions:


  • Adversary Emulation:  Support ATT&CK and ATT&CK-related research with current understanding of cyber threat intelligence commercial and open-source reporting in order to ensure its continued impact on sponsors, private, and public industry.  This includes leveraging operational experience based on understanding real adversary behavior to document emerging adversary tactics and techniques in order to solve cyber problems through operations, data driven analytics, and assessments of cyber threat intelligence within cybersecurity operations centers and testing opportunities.

  • Defensive Cyber Operations:  Conduct research and analysis on current cyber threat activities in support of sponsor security operations. Formulate new analytic techniques, develop policies and procedures, and proactively develop relationships with subject matter experts in the cyber threat intelligence field.

  • Cyber Effects to Achieve Mission Objectives:  Conduct cyber threat intelligence targeting to assist in the development of offensive tools, vulnerability research, reverse engineering of mobile and embedded devices, and prototype development. 


  • BA or BS degree and 5+ years related experience.

  • 3+ years of experience as an all-source intelligence analyst, cyber threat intelligence analyst, or cyber threat analyst.

  • 3+ years of experience writing analytic reports or papers.

  • Experience presenting technical analysis in written products and briefings.

  • Subject matter experience in several of the following areas: adversary emulation, penetration testing, intelligence in support of offensive cyber operations, cybersecurity operations, network security monitoring, host security monitoring, malware analysis, adversary hunting, modern adversary methodologies, all source intelligence analysis, analytical methodologies, confidence-based assessments, and writing analytical reports.

  • Ability to apply formal intelligence analysis methods, develop hypothesis, and prove/disprove relationships.

  • Experience with research and analysis, including classified reporting repositories, search tools, databases, and open source intelligence gathering.

  • Ability to analyze large and unstructured data sets to identify trends and anomalies indicative of malicious cyber activities.

  • Ability to gather information for reconnaissance, enumeration, or fingerprinting of systems.

  • Excellent oral and written communication skills, including presenting information clearly and concisely.

  • Strong knowledge of cyber threat intelligence principles to include adversary tactics/techniques/procedures (TTPs), indicators of compromise (IOC), indicator pivoting and indicator attribution strength.

  • Knowledge with formal analytic models, frameworks, or knowledge bases such as the Lockheed Martin Kill Chain, Diamond Model, STIX/TAXII, and ATT&CK.

Preferred Qualifications:

  • Master's or PhD degree in a technical or intelligence-related field (i.e., international relations, intelligence studies, computer science, cybersecurity).

  • Current DoD TS clearance with SCI access.  Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

  • Strong understanding of the US Intelligence Community and how cyber intelligence organizations work together for the purpose of conducting cyber threat intelligence analysis.

  • Ability to develop new ideas and techniques that advance the state of the practice for cyber threat intelligence.

Application instructions

Please be sure to indicate that you saw this position on

follow us on Twitter