Job Code: 70802
Pay Scale Group: 12
Pay Scale Type: ST
Bargaining Unit: A3
Civil Service or Non-Civil Service: N
Last Executive Board Change: 801-01
Executive Board Change History: 02/28/2022

JOB TITLE: CYBERSECURITY INTELLIGENCE MANAGER, PSP

JOB CODE: 70802

DEFINITION: This is administrative and managerial work directing the Cybersecurity Threat and Intelligence Communications (PA Cybercom) Unit for the Pennsylvania State Police (PSP).

The employee in this job oversees the identification, analysis, and dissemination of cybersecurity threats to public and private sector partners in the commonwealth. Work involves developing and implementing cybersecurity policies and procedures, and directing Cybersecurity Intelligence Engineer employees responsible for identifying, analyzing, and disseminating cybersecurity threats, vulnerabilities, and incident information to owners and operators of critical infrastructure within the commonwealth and to public and private sector partners. Work includes providing guidance on cybersecurity program policies and procedures; providing leadership and mentorship to cyber threat intelligence stakeholders; and overseeing agency coordination with government officials, law enforcement, and private sector entities on cybersecurity, cyber threats, incident preparedness efforts, and the dissemination of cyber intelligence products. Work also includes developing and communicating the range of services provided by the unit, establishing goals, meeting grant performance measures and requirements, and ensuring PA Cybercom supports the responsibilities outlined in the Pennsylvania State Emergency Operations Plan, Cyber Incident Annex. Work is performed independently under the general direction of an administrative supervisor and is reviewed through conferences, reports, and inspection of results for adherence to established policies, procedures, and processes.

EXAMPLES OF WORK: (NOTE: The examples of work are representative of the work, but every position classified to this job may not perform all examples of work listed. Conversely, this is not an all-inclusive list of work examples.)

• Plans the work of the PA Cybercom Unit and directs the analysis and evaluation of cyber intelligence data and open source information to predict the capabilities, intentions, and tactics of cyber-criminal groups, individuals, and other domestic or international threat actors.

• Develops, reviews, and implements policies and procedures to ensure an effective public and private sector cyber intelligence program.

• Supervises the analysis and evaluation of cyber intelligence data for the preparation of assessments and recommendations.

• Reviews and oversees the dissemination of cyber intelligence products developed by Cybersecurity Intelligence Engineer employees.

• Coordinates with appropriate personnel in government units and other organizations responsible for cybersecurity and cyber incident preparedness efforts within federal, state, and local government and the private sector.

• Addresses cyber threats in collaboration with federal, state, and local law enforcement agencies as well as appropriate public and private sector cybersecurity stakeholders.

• Establishes methodologies for identifying, researching, and communicating new and existing cyber threats.

• Utilizes the department’s Automated Intelligence System and other computer systems in the analysis, dissemination, and storage of intelligence information.

• Assists in state cyber incident response planning and management activities in support of the Pennsylvania Cyber Incident Annex.

• Works with other Pennsylvania Criminal Intelligence Center (PaCIC) staff to ensure the developments in cyber, computer, network security, and law enforcement investigative capabilities are accounted for in non-cyber focused intelligence products.

• Establishes and maintains relationships with public and private sector partners to create trust and ensure effective collaboration and communication.

• Completes trainings, attends conferences, and studies publications to gain and maintain knowledge regarding current and emerging cyber threats and activities.

• Performs the full range of supervisory duties.

• The employee in this job may participate in the performance of subordinates’ work consistent with operational or organizational requirements.

• Performs related work as required.

ENTRY LEVEL KNOWLEDGES, SKILLS, AND ABILITIES:

• Knowledge of the intelligence analysis process, including the intelligence cycle.

• Knowledge of cyber adversarial tactics, techniques, and procedures (TTPs).

• Knowledge of computer security-related disciplines.

• Knowledge of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Knowledge of MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK).

• Knowledge of advanced persistent threat (APT) groups and their specific TTPs.

• Knowledge of the use and functionality of Microsoft Office Suite software.

• Ability to detect and communicate the impact of emerging cybersecurity threat groups.

• Ability to organize and facilitate cross-functional collaboration and project alignment with all applicable stakeholders to accomplish common goals.

• Ability to communicate effectively orally.

• Ability to communicate effectively in writing.

• Ability to establish and maintain effective working relationships.

MINIMUM EXPERIENCE AND TRAINING: (NOTE: Based on the Entry Level Knowledges, Skills, and Abilities)

• Two years as a Cybersecurity Intelligence Engineer, PSP (commonwealth title);

or

• Six years of professional experience in cyber threat analysis, malware analysis, data forensics, or a closely related field, and a bachelor’s degree in computer science, information technology, or a closely related field;

or

• Ten years of experience in cyber threat analysis, malware analysis, data forensics, or a closely related field that includes six years of professional experience;

or

• An equivalent combination of experience and training.

SPECIAL REQUIREMENTS:

• All employees must possess a Security+, Global Information Assurance Certification Security Essentials Certification (GSEC), or an equivalent certification upon hire, or obtain one of these certifications within six months of employment.

• All employees must apply for and obtain or possess upon hire a Federal Bureau of Investigation (FBI) Top Secret Security Clearance and must maintain this clearance for the duration of their employment in this job.