Job Description

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

Top Secret

Clearance Level Must Be Able to Obtain:

Top Secret

Public Trust/Other Required:

None

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Cyber Threat Intelligence, Data Feeds, Intelligence Operations, Intelligence Production, Operational Intelligence

Certifications:

None

Experience:

10 + years of related experience

US Citizenship Required:

Yes

The Cyber Threat Intelligence & Data Management Lead oversees teams that collect, process, organize, and analyze cyber threat data transforming it into actionable intelligence that informs decision‑makers and strengthens national cyber defense. In this role, the successful candidate governs TIP data quality and tagging, manages the intelligence production cycle, and drives targeted notifications, RFIs, dashboards, and event‑driven reporting that enhances threat visibility and mission impact. The candidate directs operations within a threat intelligence platform (TIP), ensuring analysts can receive, share, enrich, correlate, and disseminate timely intelligence to reduce cyber risk across various agencies to such as, FCEB agencies, SLTT partners, and critical infrastructure sectors.

Key Responsibilities

Cyber Threat Intelligence (CTI) Operations Leadership

• Oversee teams delivering strategic, operational, and tactical CTI products

• Enhance national situational awareness by directing monitoring, aggregation, and correlation of cyber incident reports

• Sustain real‑time CTI exchange by coordinating with internal components, FCEB agencies, and external partners to maintain an accurate, timely, and shared threat picture across the full threat lifecycle.

• Detect and characterize threats by continuously monitoring intelligence, media, law enforcement, and third‑party data feeds within the TIP to identify incidents, vulnerabilities, and malicious activity.

TIP & Data Management Governance

• Ensure continuous, reliable operation of the TIP by managing ingestion pipelines, maintaining data quality, and sustaining platform performance .

• Operate robust tipping and queuing workflows (manual and automated) in the TIP, routing, enriching, triaging, and disseminating inbound/outbound intelligence.

• Maintain TIP data integrity via accurate tagging, metadata management, traceability, and feed normalization, adhering to standards such as STIX, JSON, and MISP formatting.

• Implement tagging governance (multi‑tag, rule‑based, hierarchical), including TLP designations, source/analyst attribution, and threat context to support consistent access control and data lineage.

Analytic Frameworks & Requirements Alignment

• Apply recognized analytic models and frameworks—MITRE ATT&CK, Diamond Model, Cyber Kill Chain—to structure intelligence, map adversary behavior, and align reporting to Priority Intelligence Requirements (PIRs) and Threat Branch Information Needs (INs).

• Strengthen threat prioritization by correlating activity, vulnerabilities, and attack surfaces across sectors and threat groups to support campaign tracking, risk scoring, and intelligence‑driven resource allocation.

• Identify and prioritize intelligence requirements for the Threat Branch, tagging reporting to INs nested under PIRs.

Intelligence Production Cycle & Targeted Notifications

• Manage the full intelligence production cycle—topic formation, proposal, development, coordination, review, approval, and dissemination—ensuring compliance with analytic standards.

• Review intelligence products for analytic rigor, technical accuracy, and conceptual soundness.

• Produce targeted notification packages that are timely, accurate, and actionable, integrating classified and unclassified reporting.

• Oversee the issuing, triage, and tracking of RFIs in the TIP, maintaining timely responses, status visibility, and stakeholder coordination.

• Capture customer feedback on threat intelligence products and integrate insights into continuous improvement to enhance relevance, clarity, and mission impact.

Cyber Defense Support & Cross‑Functional Integration

• Strengthen national cyber defense by overseeing continuous monitoring, triage, investigation, and reporting of cybersecurity events and incidents across FCEB, SLTT, and critical infrastructure environments.

• Document all analysis in required formats—ticketing entries, knowledge articles, external reports, incident response playbooks.

• Accelerate threat discovery by directing development of custom scripts and AI/ML‑enabled analytic techniques.

• Create, deploy, and refine detection logic and policies used across monitoring tools and platforms; maintain enterprise‑level incident response and hunt analysis baselines for each supported environment.

SOPs, Training, and Source Repository Management

• Develop, document, and maintain repeatable SOPs and working instructions for targeted notifications and production workflows; train new personnel on current processes and tools.

• Maintain a curated repository of classified and unclassified sources, ensuring traceability and timely aggregation of threat reporting that enables targeted notification and production activities.

• Monitor global events and provide event‑driven intelligence within the TIP, assessing implications of new laws, geopolitical shifts, and natural incidents for CIKR.

• Support exercises and real‑time incident response with TIP‑enabled intelligence, delivering rapid assessments, briefings, and coordination that increase detection, containment, and remediation effectiveness.

Required Qualifications

• Experience leading CTI operations and data management for large‑scale federal or critical‑infrastructure cybersecurity programs.

• Demonstrated ability to oversee TIP operations, data governance, ingestion pipelines, tagging standards, and intelligence production workflows.

• Strong knowledge of analytic frameworks (ATT&CK, Diamond Model, Kill Chain), threat prioritization, and targeted notification practices.

• Experience managing RFIs, dashboards/visualizations, and event‑driven reporting for leadership decision support.

• Excellent communication skills and the ability to drive continuous improvement across CTI products and processes.

• Ten years of overall cybersecurity experience with 5 years of management of cybersecurity teams

Preferred Qualifications

• Experience supporting CISA, DHS, or national‑level cyber missions.

• Familiarity with STIX/JSON/MISP data formats, TLP tagging governance, and NCISS scoring methods.

• Relevant certifications (e.g., GCTI, CISSP, GCIA, GREM, CDMP) and experience with AI/ML‑enabled detection analytics.

• Background integrating CTI with incident response, hunt operations, and vulnerability management programs.

GDIT IS YOUR PLACE

• 401K With company match.

• Health & Wellness Comprehensive health and wellness packages.

• Career Growth Internal mobility team dedicated to helping you own your career.

• Professional Development Growth opportunities including paid education and certifications.

• Innovative Tech Access to cutting-edge technology to stay ahead of the mission.

Work-Life Balance Rest and recharge with paid vacation and holidays

The likely salary range for this position is $170,000 - $230,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Hybrid

Work Location:

USA VA Herndon

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans