Years of experience
Bachelor's or equivalent education and related work experience
- SANS GREM
- SANS GCIH and/or GCIA
- Certified Ethical Hacker
- Basic knowledge of Java, C, and/or C++
The Integration Lead’s overall goal is to maintain awareness of, curate, and triage current threats the CIRT should proactively monitor for and respond to. Sources of information would be open source, classified, and liaison with internal threat intel teams. Excellent verbal communication, reporting, and presentation skills are a must.
Determine the best way for the CIRT to put the information to use. The candidate MUST have an excellent understanding of how a CIRT functions and the typical technologies it leverages. For example:
- Should an IDS signature be made?
- What technology do we have, or should we use to detect the threat?
- Is it sufficient to make CIRT analysts aware of the information or TTP? If so, which teams need to know and how can they use it?
- Continuously evangelize and promote internally how and why threat information is, and should be, important in driving CIRT actions.
- Create short situation reports as required.
- Maintain and regularly update an MS Teams channel dedicated to CIRT/Department of State related threat intelligence.
- Assist with developing training opportunities for junior analysts.
Although the position does not currently have any direct reports, the Threat Lead will be part of the CIRT upper management team. As such, the person in this position should have a good understanding of how a CIRT functions and the technologies involved, so that they can be leaned on to help move the CIRT forward.