Job Code: 70801
Pay Scale Group: 10
Pay Scale Type: ST
Bargaining Unit: A3
Civil Service or Non-Civil Service: N
Last Executive Board Change: 788-01
Executive Board Change History: 03/01/2022

JOB TITLE: CYBERSECURITY INTELLIGENCE ENGINEER, PSP

JOB CODE: 70801

DEFINITION: This is professional analytical work which involves identifying, analyzing, and disseminating cyber security threats to public and private sector partners in the commonwealth.

An employee in this job identifies, analyzes, and communicates confidential and sensitive information and interprets security policies and procedures to formulate and pursue hypotheses relative to current and emerging cyber threats and attacks. Work involves utilizing intelligence and other computer systems to analyze and evaluate intelligence data and predict the capabilities, intentions, and vulnerabilities of cyber-criminal groups or individuals; determining the validity of cyber threats and impacts on Pennsylvania citizens and infrastructure; identifying new cyber trends and patterns, tactics, techniques, and procedures (TTPs), tools, or threat actors; and communicating findings and making recommendations for action. Work also includes coordinating and collaborating with partners including government officials, law enforcement, and private sector entities to address cyber threats; and assisting the Pennsylvania National Guard with cybersecurity assessments and making recommendations regarding the cybersecurity of partners. Work is performed independently under the general direction of an administrative supervisor and is reviewed through conferences, reports, and inspection of results for adherence to established policies, procedures, and processes.

EXAMPLES OF WORK: (NOTE: The examples of work are representative of the work, but every position classified to this job may not perform all examples of work listed. Conversely, this is not an all-inclusive list of work examples.)

• Collects, receives, analyzes, and evaluates intelligence information to predict the capabilities, intentions, and vulnerabilities of cyber-criminal groups and individuals.

• Interprets security policies and procedures and applies them to emerging cybersecurity threats and attacks.

• Utilizes the Department’s Automated Intelligence System and other computer systems in the analysis, dissemination, and storage of intelligence information.

• Monitors a variety of classified, sensitive, partner, and open-source reporting for relevant cyber information; provides actionable strategic and technical intelligence to partners.

• Collaborates and coordinates with law enforcement, federal, state, and local government officials, and private sector entities on cyber threats and cybersecurity efforts.

• Serves as a point of contact for public and private sector intelligence and information sharing agencies and groups.

• Assists in state cyber incident response planning and management activities in support of the Pennsylvania Cyber Incident Annex.

• Coordinates with other staff to ensure non-cyber focused intelligence products include developments in cyber, computer, network security, and law enforcement investigative capabilities.

• Assists the Pennsylvania National Guard with cybersecurity assessments and provides actionable recommendations.

• Completes trainings, attends conferences, and studies publications to gain and maintain knowledge regarding current and emerging cyber threats and activities.

• Performs related work as required.

ENTRY LEVEL KNOWLEDGES, SKILLS, AND ABILITIES:

• Knowledge of the basic intelligence analysis process, including the intelligence cycle.

• Knowledge of cyber adversarial tactics, techniques, and procedures (TTPs).

• Knowledge of computer security-related disciplines.

• Knowledge of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Knowledge of advanced persistent threat (APT) groups and their specific TTPs.

• Ability to detect and communicate the impact of emerging cybersecurity threat groups.

• Ability to communicate effectively orally.

• Ability to communicate effectively in writing.

• Ability to establish and maintain effective working relationships.

MINIMUM EXPERIENCE AND TRAINING: (NOTE: Based on the Entry Level Knowledges, Skills, and Abilities)

• Four years of professional experience in cyber threat analysis, malware analysis, data forensics, or a closely related field; and a bachelor’s degree in computer science, information technology, or a closely related field;

or

• An equivalent combination of experience and training.

SPECIAL REQUIREMENTS:

• All employees must possess a Security+, Global Information Assurance Certification Security Essentials Certification (GSEC), or an equivalent certification upon hire, or obtain one of these certifications within six months of employment.

• All employees must apply for and obtain or possess upon hire a Federal Bureau of Investigation (FBI) Top Secret Security Clearance and must maintain this clearance for the duration of their employment in this job.