Cybersecurity Intelligence Analyst

Evolver is a cybersecurity and digital transformation company supporting national defense, federal civilian agencies, and Fortune 500 organizations. We help customers secure critical systems, modernize enterprise technology, and solve complex operational challenges through integrated capabilities spanning cybersecurity, enterprise IT infrastructure, cloud, software development, data analytics, legal technology and eDiscovery, applied AI, and electronic security systems. Our teams combine deep technical expertise with mission understanding to deliver secure, reliable, and scalable solutions that advance performance in high-stakes environments.

The Cybersecurity Intelligence Analyst serves as a core member of the Cyber Intelligence Operations program and is responsible for conducting structured, all-source analysis that integrates cyber threat intelligence, insider threat insights, advanced analytics outputs, operational telemetry, and external geopolitical and regulatory developments into coherent, decision-ready intelligence products.

The analyst develops integrated threat and risk views, supports holistic threat monitoring and predictive risk analysis, and produces assessments and briefings that directly inform senior leadership decisions, computer security incident response team (CSIRT) operations, advanced threat hunting, insider threat, vulnerability/risk-based vulnerability management (RBVM), and broader integrated risk management activities. The focus is on answering "so what?" and "now what?" for decisionmakers, not on producing raw indicators or operating response tools.

Key Responsibilities

1. All-Source, Cross-Domain Intelligence Analysis

• Conduct all-source cyber intelligence analysis in support of a federal mission and enterprise risk objectives.
• Translate raw data from multiple sources (e.g., OSINT, deep/dark web reporting, classified sources, law enforcement and intelligence community reporting, commercial CTI, internal telemetry) into clear operational and strategic assessments.
• Develop forward-looking assessments that articulate likely future developments, drivers, and second-order effects on mission, operations, and strategic objectives.

1. Intelligence Requirements, RFIs, and Knowledge Management

• Operate and support a centralized intelligence requirements and Request for Information (RFI) intake, triage, and routing process for Cyber Intelligence Operations.
• Map RFIs to Priority Intelligence Requirements (PIRs) and determine whether existing knowledge can satisfy requests.
• Maintain and refine an integrated knowledge base that aggregates cyber threat intelligence products (adversary/campaign profiles, CTI reports).

1. Intelligence Production & Publication

• Produce comprehensive intelligence reports and finished assessments to support decision-making at tactical, operational, and strategic levels tailored to diverse audiences (technical and non-technical).
• Clearly articulate the operational and strategic implications of emerging threats, campaigns, vulnerabilities, and insider risk trends, including recommended risk treatments and prioritization.
• Apply rigorous analytic tradecraft, including explicit source evaluation and use of confidence statements, identification of key assumptions, intelligence gaps, and plausible alternative hypotheses, and use of structured analytic techniques where appropriate.

1. Support to Operations, Governance, and Risk Management

• Provide integrated threat and risk insights that support CSIRT operations and incident response decision-making, advanced threat hunting (ATH) and forensics team, vulnerability management/RBVM prioritization and control enhancement decisions and insider threat program analysis at the enterprise pattern level.
• Develop and deliver briefings, decision memos, and talking points for risk committees and governance forums, architecture and change control boards, program and mission leadership.

1. Collaboration and Stakeholder Engagement

• Collaborate closely with cross-functional teams, including CSIRT, advanced threat hunting, and forensics, applied intelligence/data science and analytics teams, risk management, governance, policy, architecture, and technical operations teams.
• Engage stakeholders to understand intelligence requirements, information gaps, and decision points, then shape analytic priorities accordingly.
• Facilitate information sharing and alignment among technical and non-technical teams to avoid duplication of effort and ensure clear ownership and roles across the cyber intelligence lifecycle.

Basic Qualifications

• Bachelor's degree in Intelligence Studies, Political Science, International Relations, Cybersecurity, Computer Science, or a closely related field;
• OR an Associate degree with at least 4 years of directly relevant operational experience in intelligence, cyber operations, or related domains.
• 2 years of experience with structured analytic techniques and formal analytic tradecraft standards.
• 5 years of experience analyzing cyber intelligence, including the use of common cybersecurity and threat intelligence tools (e.g., Mandiant, CrowdStrike, Splunk, Tenable or equivalent platforms).
• 3 years of experience analyzing and evaluating raw data (OSINT, deep/dark web, and classified sources) in a geographical or functional area to produce finished intelligence reports.
• 2 years of experience translating technical and fragmented data into clear, concise assessments and recommendations for both technical and non-technical audiences.
• U.S. Citizen with an active Top-Secret clearance and SCI eligibility under ICD 704, with no waivers or conditions.
• Ability to obtain and maintain all required security and suitability determinations and comply with all relevant security protocols and procedures.

Preferred Qualifications

• Prior experience in analytical, intelligence, and cyber-related roles within federal government, defense, intelligence community, or comparable environments.
• Experience working within structured cyber threat intelligence functions (e.g., CTI teams, TIP-based environments) and coordinating with SOC, CSIRT, or incident response teams.
• Experience supporting integrated risk management, enterprise risk registers, or governance forums with intelligence-driven insights.
• Demonstrated experience in horizon scanning, scenario development, or strategic foresight related to cyber, technology, or national security issues.
• Demonstrated experience using Python, SQL, and Large Language Models (LLMs) to support data exploration, querying, and analytic workflows (e.g., building basic queries, data transformations, or analytic prototypes to enhance speed, repeatability, and quality of intelligence analysis).
• Excellent written and verbal communication skills, including experience briefing senior leaders and producing decision-quality written products.

Evolver is an equal opportunity employer. We welcome all job seekers and do not discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, disability, veteran status, or any other protected factor.

Actual compensation depends on experience, qualifications, and location. Evolver provides competitive benefits including health, dental, and vision insurance, 401(k), flexible spending accounts, PTO, and parental leave in accordance with company policies.