GRF Seeking Cyber Threat Intelligence Analyst


Job Status: Full Time FLSA Status: Exempt

Reports To: TBD Travel Required: None

Work Schedule: Mon - Fri: 40 hours Positions Location: Reston, VA

Firm: New Hire

To apply, please send a cover letter and resume to with the position title listed in the subject line.

The mission of the Global Resilience Federation (GRF) is to help assure the resilience and continuity of vital infrastructure and individual organizations against threats and acts that could significantly impact individual organizations and various sectors’ ability to provide services critical to the orderly functioning of the global economy. GRF is a non-profit spin-off from the Financial Services Information Sharing and Analysis Center (FS-ISAC) that provides support and technology to ISACs, ISAOs, and other communities around the world, with co-located analysts supporting individual communities and participating in cross-sector sharing and collaboration.


GRF is seeking an individual to serve as a Cyber Threat Intelligence Analyst. The primary focus of the Cyber Threat Intelligence Analyst is to support oil and gas critical infrastructure and members of that sector.


Monitor external, internal, and open source feeds for relevant cyber threats, incidents, and/or cyber activity that may have an impact on the oil and gas sector and/or relevant sectors and assets.

Stay up to date on commodity/opportunistic malware and threats and targeted malware variants and threats.

Analyze indicators, observables, and incidents that are submitted by clients/members to create actionable intelligence reports with mitigation recommendations and in-depth analysis.

Conduct briefings and host meetings on threat actors, threats, malware variants, TTPs, and APTs to clients/members.

Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, campaigns (phishing/spear phishing/watering hole).

Correlate activity found on internal/external feeds with what companies and members within critical infrastructure sectors are seeing or may see.

Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.

Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources.


  • Understanding of cyber kill chain model (or intrusion kill chain), diamond model, and ACH

  • Great writing and communication skills

  • Experience with ThreatConnect and ThreatStream

  • Ability to analyze network packet captures (PCAPs), IP addresses, triage binaries and files, and incidents

  • Understanding of certain threat actors, correlating cyber and geopolitical activity, and ability to produce tailored intel reports

  • Basic Cybersecurity Certifications (Security+, CEH, GCIH, etc.)

  • Security clearance or eligibility for clearance desired

Required Education:

  • 3 – 5 years of relevant experience; previous experience in a SOC, intelligence, or cyber threat intelligence

  • SANS/GIAC Certification in one of the following: GREM, GCTI, GCIA, or GPEN, or a similar certification

  • Understand malware analysis or are familiar with reverse engineering

  • Ability to write and understand YARA and SNORT rules

GRF offers a comprehensive benefits package including paid time off, medical and dental benefits paid for by the employer, annual bonuses, 401k plan with company match and others.

Chad McAuslin