USAID Cybersecurity for Critical Infrastructure in Ukraine Activity/DAI Global
22 січня 2023

Threat Intelligence Coordinator (вакансія неактивна)


The purpose of the US Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity is to strengthen the resilience of Ukraine’s critical infrastructure from cyberattacks by establishing trusted collaboration between key cybersecurity stakeholders in the government, private sector, academia, and civil society. The activity aims to achieve this goal by implementing the following activity components:

Component 1: Strengthen the cybersecurity enabling environment

The legal, regulatory, and institutional framework for national cybersecurity in Ukraine needs to be strengthened and aligned with international standards and best practices. This component will strengthen the cybersecurity resilience of Ukraine’s critical infrastructure sectors by addressing legislative gaps, promoting good governance, enabling collaboration between stakeholders, and supporting cybersecurity institutions.

Component 2: Develop Ukraine’s cybersecurity workforce

Ukraine suffers from a severe shortage of cybersecurity professionals. This component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity will address workforce gaps through activities that develop new cybersecurity talent and build the capacity of existing talent. These activities will address the entire workforce pipeline, the quality of education received by cybersecurity specialists, and industry training programs to rapidly upskill Ukraine’s workforce to respond to immediate cybersecurity vulnerabilities.

Component 3: Build a resilient cybersecurity industry

A growing cybersecurity industry in Ukraine will contribute directly to national security and prosperity. This component will seek to build trust and collaboration between the public and private sector to develop innovative solutions for future cybersecurity challenges; spur investment and growth in the broader cybersecurity market in Ukraine through greater access to financing; support smaller cybersecurity companies to rapidly increase the number of local cybersecurity service providers; and offer mechanisms for Ukrainian firms to connect with industry partners to enable better access to innovations and business opportunities.


The National Security and Defense Council (NSDC) is one of Ukraine’s key government authorities and one of the Activity’s primary stakeholders. The National Coordination Center for Cybersecurity (NCCC), under the NSDC, is responsible for overseeing and coordinating implementation of cybersecurity policy as it relates to national security. The NSDC has developed a new National Cybersecurity Strategy (Strategy) to address cybersecurity challenges and advance cyber capabilities of Ukraine.   

However, NCCC needs more comprehensive analytical assistance to develop their analytical capacity and facilitate its coordination work with other cyber stakeholders in strengthening cybersecurity landscape. The Activity assists NSDC/NCCC in improving their analytical capacity and provides rapid analytical support.

The Activity is looking for the services of a Threat Intelligence Coordinator to identify priority areas for the analytical tasks, analyze tactics of cyberattacks on critical infrastructure operators, determine cyber activities patterns, establish processes for cyberattacks responses, and build capacity on protecting critical infrastructure in cyberspace. This work will be carried out in close coordination with representatives of the NSDC/NCCC.

The Activity is looking for a Threat Intelligence Coordinator to:

  • Lead the Cyberthreats and APT activities assessment (including tactics, techniques, and procedures (TTP), aims and vectors of attacks)
  • Determining the trend of threat development (for further modeling of threats and security incidents, preparing recommendations for detection, analytical processing of cyber incidents and conducting research on threats, vulnerabilities and attack analysis)
  • Setting up of Threat intelligence / Threat hunting (TI/TH) processes in the NCCC, which includes: monitoring of the Internet, development of SCAD elements of TI/TH, preparation of informational materials within the framework of TI/TH processes.

The Threat Intelligence Coordinator will work under the oversight of the Enabling Environment Lead. 



Due by date

Monthly report on cyberthreats which should contain results on:

  1. Monitoring of cyber threats regarding the activity of APT groups, their tactics, techniques and procedures (TTP) and goals
  2. Updating the Cyber Threat Response documentation
  3. Updating knowledge bases on cyber threats, attack vectors, threat actors and threat trends
  4. Providing recommendations on detection and analysis of cyber incidents
  5. Conducting analysis of threats, vulnerabilities and attacks on the infrastructure of cybersecurity entities
  6. Providing analysis of hypotheses, predictive models and construction of cause-and-effect relationships within the framework of Threat intelligence / Threat hunting (TI/TH) processes
  7. Developing proposals for remediation or prevention of cyberattacks
  8. Monitoring the open-source internet data on threat analysis (TI/TH)
  9. Build proposals, hypotheses and develop expected results on threat analysis (TI/TH) in the NCCC
  10. Develop informational materials on threat analysis (TI/TH)
  11. Provide proposals for updating Rules for Event Monitoring and Correlation Systems

On the monthly basis


  • Bachelor’s degree in Information Technology, Information Security/Cybersecurity Engineering or related field of study.
  • 4+ years of professional experience in a Cyber Threat Intelligence.
  • Experience of computer systems engineering for GOU authorities (desired);
  • Previous experience in monitor and response to cybersecurity incidents preferred;
  • Experience analyzing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translate these into actionable intelligence for our SOC.
  • Experience with using and troubleshooting cybersecurity and IT tools.
  • Knowledge of the intelligence cycle/process
  • Knowledge of Threat intelligence / Threat hunting
  • Skills in creating YARA, SIGMA, Snort, etc. rules
  • Understanding of various enterprise IT and cloud architectures and technologies such as networks, server infrastructure, operating systems, web applications, databases, containerization and mobile devices
  • Experience working in a cybersecurity operations center, or participating in a red or blue team and the ability to work as both an attacker and a defender
  • Windows/Unix administration experience;
  • Experience using security scanners (nmap, nessus);
  • Experience with attack detection systems (IDS/IPS, HIDS/HIPS);
  • Experience in IS monitoring or IS incident investigation
  • Certificates:
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Incident Handler Engineer (CIHE)
  • Information Systems Security Engineering Professional (ISSEP)

Period of Performance — 1 January 2023 −31 December 2023

Maximum Level of Effort — 230 working days

Qualified candidates should send their CV and cover letter with the name of position in a subject line to [email protected]. by 16 February 2023 6:00 pm Kyiv time. Only short-listed candidates will receive notice requesting additional information.