Cyber Risk Defense Principal - Cyber Threat Intelligence

This senior level employee is primarily responsible for managing and directing the maintenance and protection of integrity and reliability of the security of data, systems and networks.

• Drives the execution of multiple work streams by identifying customer and operational needs; developing and updating new procedures and policies; gaining cross-functional support for objectives and priorities; translating business strategy into actionable business requirements; obtaining and distributing resources; setting standards and measuring progress; removing obstacles that impact performance; guiding performance and developing contingency plans accordingly; solving highly complex issues; and influencing the completion of project tasks by others.


• Practices self-leadership and promotes learning in others by soliciting and acting on performance feedback; building collaborative, cross-functional relationships; communicating information and providing advice to drive projects forward; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership; influencing, mentoring, and coaching team members; fostering open dialogue amongst team members; evaluating and responding to the strengths and weaknesses of self and unit members; and adapting to and learning from change, difficulties, and feedback.


• Leads team in the proactive monitoring and/or response to known or emerging threats against the KP network.


• Effectively communicates investigative findings to non-technical audiences.


• Provides consultation in regular operations meeting with Cyber Risk Defense Center (CRDC) teams.


• Drives closed loop processes on security efforts by providing feedback to the TDA leads and/or leadership.


• Demonstrates a consulting value by recommending adjustments to the collection strategy for deltas in scope, size, or emerging security threats. 3-3


• Drives information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.


• Serves as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.


• Drives the development of the CRDC intellectual capital by leading process or procedure improvements, consulting on brown bag training sessions, and leading the development of new training documents.


• Builds partnerships with the CRDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.


• Facilitates follow-up remediation design and review efforts related to highly complex security events.


• Leads the investigation and triage of a wide variety of security events across cyber security domains.


• Serves as a subject matter expert in performing complex data analyses to support security event management processes, including root cause analysis.


• Coordinates the response and resolution of high impact or critical cyber security incidents.


• Provides insight and influence in determining the strategic direction for the development and deployment of threat detection capabilities and/or incident response plans.


• Drives the development and implementation of incident detection and/or handling processes which may include containment, protection, and remediation activities.