Summary
The Office of Information Technology is seeking an IT Specialist (INFOSEC) (Senior Cyber Threat Intelligence (CTI) Analyst). In this role, you will lead intelligence-driven detection, hunting, and response initiatives, and serve as a subject matter expert for both internal stakeholders and the broader cyber defense community.
Duties
In this role, you will be responsible for proactively identifying, analyzing, and communicating cyber threats relevant to the organization by leveraging advanced threat intelligence methodologies, frameworks (such as MITRE ATT&CK), and collaborative partnerships to inform and enhance the organization's cyber defense posture. This position plays a critical role in enabling the Security Operations Center (SOC) to move from reactive incident response to proactive, intelligence-driven defense. By illuminating adversaries, informing detection and response, and fostering a culture of collaboration and knowledge sharing, this role directly contributes to the resilience and security of the SEC.
In this role as a Senior Cyber Threat Intelligence (CTI) Analyst, you will be responsible for:
- Producing high-quality written and verbal intelligence products, including threat assessments, briefings, and technical reports for diverse audiences.
- Working closely with SOC analysts, incident responders, detection engineers, and vulnerability management teams to contextualize threats and drive intelligence-led defense.
- Analyzing adversary tactics, techniques, and procedures (TTPs), campaigns, and threat actor profiles to produce actionable intelligence for SOC operations and executive stakeholders.
- Leading or participating in threat hunting activities, leveraging CTI to generate hypotheses and identify previously undetected malicious activity.
- Translating intelligence findings into technical detection requirements, such as SIEM rules, EDR analytics, and custom signatures.
- Developing and maintaining threat models and using frameworks such as MITRE ATT&CK to map adversary behaviors and inform detection and response strategies.
- Driving continuous improvement of CTI processes, including intelligence requirements, collection management, and feedback loops.
- Collecting, processing, and fusing cyber threat intelligence (CTI) from internal and external sources, including open-source intelligence (OSINT), commercial feeds, government advisories, and information sharing groups.
- Tuning and optimizing detection and response capabilities based on evolving threat intelligence and lessons learned from incidents.
- Contributing to the development and maintenance of threat intelligence platforms (TIPs) and automation workflows.
Requirements
Conditions of employment
- CITIZENSHIP: You must be a US Citizen.
- SELECTIVE SERVICE: Males born after 12/31/59 must be registered or exempt from Selective Service (see https://www.sss.gov/).
- SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
- PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
- DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
- PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
- The selectee is required to report to the duty station(s) listed.
- The duties of this position may require the incumbent to carry a cell phone and be on call 24 hours a day, seven days a week on a rotational basis, based on the needs of the organization.
- The candidate must be able to obtain/maintain a Top Secret security clearance.
Qualifications
Applicants are responsible for confirming all required materials are submitted by the closing date of the announcement. Please check the How You Will Be Evaluated and Required Documents sections carefully, as missing documents will render the application incomplete and ineligible for review.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.
BASIC REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement below.
SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:
- Collecting and handling information about emerging cyber threats;
- Utilizing structured methodologies to analyze how attackers behave;
- Sharing cyber threat intelligence with security teams and mission partners to protect systems; and
- Delivering cyber threat assessments that help organizational leaders make informed decisions.
ACCOMPLISHMENT RECORD COMPETENCIES: Your Accomplishment Record narratives should address the following competencies. See the How You Will Be Evaluated section below for more information:
- Cyber Defense Analysis: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
- Critical Thinking: Considers a variety of factors, general and subject matter-specific, when making decisions and determining next steps.
- Technical Communication: Translates technical information into non-technical terms and accurately conveys technical information to end users (e.g., staff, management) and outside parties, including the technical documentation of applications, systems, Standard Operating Procedures, etc.
- Artificial Intelligence and Machine Learning: Uses principles, methods, and tools to design or implement systems that perform and apply human-like intelligence functions such as those that use neural networks, deep learning, natural language processing, and image recognition.
Additional information
Supplementary vacancies may be filled in addition to the number stated in this announcement and may be filled from any division or office within the agency.
SEC COMPENSATION PROGRAM: Total salary (base pay + locality) is dependent upon duty location. The overall salary range listed above is provided for informational purposes; a selectee's initial pay will be established below the maximum rate of the range. The pay for current SEC employees will be determined according to the procedures specified in the agency's policy. Please click here for a compensation overview.
IMPORTANT INFORMATION FOR SURPLUS OR DISPLACED FEDERAL EMPLOYEES: If you have never worked for the federal government, you are not I/CTAP eligible. To receive selection priority for this position, you must: (1) meet CTAP or ICTAP eligibility criteria (the questionnaire asks you to identify your ICTAP/CTAP eligibility); (2) be rated well-qualified; and (3) submit the appropriate documentation to support your CTAP or ICTAP eligibility. View information about I/CTAP eligibility on OPM's Career Transition Resources website.
Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.
Benefits
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Learn more about federal benefits.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.