Threat Intelligence Analyst

RadNet
Portland, Oregon 97204 United States
Posted: Jun 09, 2026
  • Full Time
  • Federal Government
  • Summary

    Everforth ECS is seeking a Threat Intelligence Analyst to work in our Portland, OR office. Please Note: This position is contingent upon contract award.

    The Threat Intelligence Analyst supports cybersecurity operations by collecting, analyzing, producing, and disseminating actionable intelligence on cyber threats, adversary tactics, vulnerabilities, campaigns, and emerging risks relevant to the organization. This role helps transform internal and external threat information into timely context that supports SOC monitoring, threat hunting, incident response, vulnerability management, and leadership decision-making.

    The ideal candidate has strong analytical and writing skills, understands adversary behavior and cybersecurity operations, and can evaluate threat information from multiple sources to produce clear, prioritized, and actionable intelligence for technical and non-technical stakeholders.

    Key Responsibilities

    • Collect and evaluate cyber threat information from open‑source, commercial, government, industry, and internal security sources
    • Support development and refinement of intelligence requirements aligned to organizational mission, assets, technology, and risk priorities
    • Monitor threat actor activity, malware trends, exploitation activity, vulnerability disclosures, campaigns, and sector‑specific threat reporting
    • Maintain awareness of current threat landscape developments that may affect enterprise, cloud, identity, endpoint, network, or operational environments

    Analysis & Production

    • Analyze threat reporting, indicators, tactics, techniques, and procedures to assess relevance, credibility, confidence, and potential impact
    • Produce intelligence products such as threat briefs, situational awareness reports, actor profiles, vulnerability intelligence notes, and executive summaries
    • Map observed or reported adversary behavior to recognized frameworks such as MITRE ATT&CK
    • Identify trends, patterns, knowledge gaps, and intelligence priorities that support security operations and risk management
    • Validate, enrich, and manage indicators of compromise and other threat artifacts for operational use
    • Provide context around indicators, including associated campaigns, malware, infrastructure, confidence levels, and recommended handling
    • Coordinate with SOC, threat hunting, and engineering teams to support detection logic, alert enrichment, watchlists, and monitoring use cases
    • Recommend tuning, suppression, or prioritization guidance when intelligence indicates changes in threat relevance or confidence
    • Support SOC analysts with threat context during alert triage, investigation, escalation, and incident response activities
    • Provide intelligence inputs to threat hunting hypotheses, hunt priorities, and post‑incident analysis
    • Assist with research on suspicious activity, adversary tradecraft, malicious infrastructure, malware families, and exploitation techniques
    • Document intelligence findings, assumptions, confidence levels, and recommended follow‑up actions clearly and defensibly
    • Prepare written and verbal intelligence briefings for technical teams, program leadership, and other stakeholders
    • Translate complex threat information into clear operational and business risk language
    • Collaborate with SOC analysts, threat hunters, forensics personnel, security engineers, Splunk teams, and program leadership
    • Contribute to knowledge bases, intelligence repositories, recurring reports, and lessons‑learned materials
    • Help improve intelligence workflows, source evaluation practices, reporting templates, tagging standards, and dissemination processes
    • Track intelligence usefulness, stakeholder feedback, recurring intelligence gaps, and opportunities to improve operational impact
    • Stay current with adversary tradecraft, intelligence analysis methods, security operations practices, and relevant frameworks

    Required Skills

    • 3‑5 years of experience in cyber threat intelligence, security operations, incident response, threat hunting, intelligence analysis, or related cybersecurity roles
    • Working knowledge of cyber threat actors, malware, vulnerabilities, attack lifecycle concepts, and adversary tactics, techniques, and procedures
    • Experience collecting, evaluating, analyzing, and summarizing threat information from multiple sources
    • Familiarity with SOC operations, SIEM workflows, indicators of compromise, detection concepts, and incident investigation processes
    • Strong written communication skills, including the ability to produce concise, accurate, and actionable intelligence products
    • Ability to assess source reliability, analytic confidence, operational relevance, and potential impact

    Desired Skills

    • Experience with threat intelligence platforms, SIEM tools, EDR platforms, case management systems, or intelligence repositories
    • Familiarity with MITRE ATT&CK, Diamond Model, Cyber Kill Chain, STIX/TAXII, YARA, Sigma, or other intelligence and detection frameworks
    • Experience supporting regulated, government, defense, critical infrastructure, financial, or enterprise security environments
    • Knowledge of scripting, query languages, malware analysis concepts, vulnerability intelligence, or digital forensics concepts
    • Certifications such as Security+, CySA+, GCTI, GCIH, GCIA, CISSP, or equivalent experience

    ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.

Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.