USAID Cybersecurity for Critical Infrastructure in Ukraine Activity/DAI Global
17 лютого 2023

Threat Intelligence Analyst (вакансія неактивна)


The purpose of the US Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity is to strengthen the resilience of Ukraine’s critical infrastructure from cyberattacks by establishing trusted collaboration between key cybersecurity stakeholders in the government, private sector, academia, and civil society. The activity aims to achieve this goal by implementing the following activity components:

Component 1: Strengthen the cybersecurity enabling environment

The legal, regulatory, and institutional framework for national cybersecurity in Ukraine needs to be strengthened and aligned with international standards and best practices. This component will strengthen the cybersecurity resilience of Ukraine’s critical infrastructure sectors by addressing legislative gaps, promoting good governance, enabling collaboration between stakeholders, and supporting cybersecurity institutions.

Component 2: Develop Ukraine’s cybersecurity workforce

Ukraine suffers from a severe shortage of cybersecurity professionals. This component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity will address workforce gaps through activities that develop new cybersecurity talent and build the capacity of existing talent. These activities will address the entire workforce pipeline, the quality of education received by cybersecurity specialists, and industry training programs to rapidly upskill Ukraine’s workforce to respond to immediate cybersecurity vulnerabilities.

Component 3: Build a resilient cybersecurity industry

A growing cybersecurity industry in Ukraine will contribute directly to national security and prosperity. This component will seek to build trust and collaboration between the public and private sector to develop innovative solutions for future cybersecurity challenges; spur investment and growth in the broader cybersecurity market in Ukraine through greater access to financing; support smaller cybersecurity companies to rapidly increase the number of local cybersecurity service providers; and offer mechanisms for Ukrainian firms to connect with industry partners to enable better access to innovations and business opportunities.


The National Security and Defense Council (NSDC) is one of Ukraine’s key government authorities and one of the Activity’s primary stakeholders. The National Coordination Center for Cybersecurity (NCCC), under the NSDC, is responsible for overseeing and coordinating implementation of cybersecurity policy as it relates to national security. The NSDC has developed a new Cybersecurity Strategy (Strategy) to address cyber security challenges and advance cyber capabilities of Ukraine.   

However, NSDC/NCCC need more comprehensive analytical assistance, developing their analytical capacity, and sharing with other cyber stakeholders ongoing assessments of the cyber security threat landscape. The Activity assists NSDC/NCCC in improving their analytical capability and provides rapid analytical support for those tasks.

Activity is looking for the services of a Threat Intelligence Analyst to identify priority areas for the analytical tasks, analyze tactics of cyberattacks on critical infrastructure operators, determine cyber activities patterns, establish processes for cyberattacks responses, and build capacity on protecting critical infrastructure in cyberspace. This work will be in close coordination with NSDC/NCCC representatives.  

The Activity is looking for a Threat Intelligence Analyst to:

  • Participate in Cyberthreats and APT activities assessment (including tactics, techniques, and procedures (TTP), aims and vectors of attack)
  • Support the establishment of Threat intelligence / Threat hunting (TI/TH) processes in the NCCC, which includes: monitoring of the Internet, development of SCAD elements of TI/TH, preparation of informational materials within the framework of TI/TH processes.

The Threat Intelligence Analyst will work under the oversight of the Enabling Environment Lead. 



Due by date

Monthly report on cyberthreats which should contain results on:

  1. Setting up scenarios of cyber responses while receiving data from network nodes;
  2. Conducting activities to improve the interaction between systems for collecting and exchanging information on cyber incidents;
  3. Providing analysis on incidents and their consequences with developed recommendations for remediation;
  4. Connecting new clients to the cyber incident monitoring services, including the development of instructions on:

— systems for collecting and exchanging information about cyber incidents;

— connecting to information collection and exchange systems;

  1. Development of incident detection scenarios for event monitoring and correlation systems.

On the monthly basis

  • Bachelor’s degree in Information Technology, Information Security/Cybersecurity, Engineering or related field of study.
  • 2+ years of professional experience in a Cyber Threat Intelligence.
  • Experience of computer systems engineering for GOU authorities (desired);
  • Previous experience in monitor and response to cybersecurity incidents preferred;
  • Experience with using and troubleshooting cybersecurity and IT tools.
  • Knowledge of the intelligence cycle/process
  • Knowledge of Threat intelligence / Threat hunting
  • Knowledge of the principles of auditing information systems based on Windows OS, * nix, network equipment
  • Knowledge of log collection protocols, formats and software: Syslog, CEF, JSON, nxlog, fluentd, logstash
  • Knowledge of the principles and tools of system and network security organization (FW, WAF, IPS, SIEM, Honeypot, etc.);
  • Experience working with any of the SIEM systems;
  • Experience in administration of IPS/IDS systems
  • Understanding of various enterprise IT and cloud architectures and technologies such as networks, server infrastructure, operating systems, web applications, databases, containerization and mobile devices
  • Experience working in a cyber security operations center, or participating in a red or blue team and the ability to work as both an attacker and a defender
  • Windows/Unix administration experience;
  • Experience using security scanners (nmap, nessus);
  • Experience with attack detection systems (IDS/IPS, HIDS/HIPS);
  • Knowledge: Python, other modern programming languages.
  • Certificates:
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Incident Handler Engineer (CIHE)
  • Information Systems Security Engineering Professional (ISSEP)

Period of Performance — April 1, 2023 — April 1, 2024

Qualified candidates should send their CV and cover letter with the name of position in the subject line to [email protected] by Mar 30 2023 6:00pm Kyiv time. Only short-listed candidates will receive notice requesting additional information.