Government and Public Sector – Technology Consulting - Cybersecurity – Cyber Threat Intelligence Senior Consultant

The opportunity

EY’s Government & Public Sector (GPS) Cyber Security practice helps Federal, State, Local, and Education clients protect mission critical systems, manage cyber risk, and improve resilience. Our teams support clients in designing, building, and maturing intelligence led cybersecurity capabilities that enable informed decisions and operational effectiveness.

As a Cyber Threat Intelligence (CTI) Senior, you will shape intelligence‑led cybersecurity programs for government clients, with a focus on program design, operational integration, and long‑term capability maturity.

The role emphasizes program ownership, trusted advisory leadership, solution development, and operational involvement to guide delivery teams, validate analytic approaches, and drive measurable mission and risk outcomes.

Role summary

The CTI Senior supports the development and expansion of intelligence led cyber security programs, including supply chain risk management (CSCRM) and third-party risk use cases. You will own delivery of CTI capabilities across one or more engagements, advise senior client stakeholders on CTI operating models and technologies, mentor analysts and consultants, and contribute to practice growth through capture support, solution shaping, and thought leadership.

You will position CTI as a control‑enabling function that supports Zero Trust initiatives, supply‑chain assurance, and enterprise risk decision‑making across classified and unclassified environments.

This role is designed for a professional who understands how CTI should function operationally while focusing on building, guiding, improving programs, and running intelligence operations as required.

Key responsibilities

CTI Program Design & Enablement

• Lead the design, maturation, and scaling of cyber threat intelligence programs, including operating models, governance, workflows, analytic standards, and quality controls.
• Help clients define intelligence requirements aligned to mission, risk, and operational priorities.
• Align intelligence requirements to federal cybersecurity frameworks and mission assurance objectives (e.g., NIST CSF, Zero Trust).
• Develop recommendations and roadmaps to improve CTI effectiveness and integration across cybersecurity and risk functions.
• Lead intelligence‑driven supply chain and ecosystem risk capabilities that inform acquisition, vendor trust, and mission partner assurance decisions.
• Apply CTI to nation‑state and criminal targeting of suppliers in support of EO 14028, NIST 800‑161, and CMMC‑aligned risk programs.

CTI Technology & Integration Advisory

• Advise clients on the selection, implementation, and optimization of CTI platforms and tooling.
• Support the design of intelligence pipelines for collection, enrichment, scoring, and dissemination.
• Guide integration of CTI into SOC, Incident Response, Vulnerability Management, and cybersecurity risk management programs.
• Leverage knowledge of automation and scripting concepts to inform scalable program design.
• Understand how automation, analytics, and emerging AI capabilities influence modern
• CTI production and consumption models.

Advisory Support & Operational Alignment

• Serve as an advisor to security and risk teams on how to consume and operationalize intelligence.
• Provide subject matter guidance during incidents or threat investigations as needed, without acting as the primary operator.
• Provide intelligence outputs that directly inform executive, operational, and risk‑based decisions during high‑impact events.
• Translate intelligence concepts into clear risk and mission impact narratives for client stakeholders.

Team Leadership & Development

• Mentor CTI analysts and junior team members on intelligence tradecraft, analytic rigor, and quality standards.
• Review and provide feedback on intelligence products to ensure clarity, relevance, and consistency.
• Support onboarding and development of CTI resources as programs grow.

Business Development & Growth Support

• Support business development and capture efforts, including proposal development, solution shaping, and client briefings.
• Partner with account teams to identify opportunities to expand CTI services.
• Contribute to EY methodologies, accelerators, and thought leadership related to cyber threat intelligence and intelligence led risk management.

Skills and attributes for success

• Strong understanding of cyber threat intelligence tradecraft, including MITRE ATT&CK, the Intelligence Cycle, and structured analytic techniques.
• Experience helping to design, build, or mature CTI programs.
• Knowledge of how CTI supports supply chain risk management, third party risk, vulnerability prioritization, and incident response.
• Familiarity with Threat Intelligence Platforms (TIPs) and intelligence integration patterns.
• Strong communication skills with the ability to advise technical teams and brief senior stakeholders.
• Comfort working in a client facing consulting environment.

To qualify for the role, you must have

• Bachelor’s degree (or equivalent experience) in Cybersecurity, Computer Science, Information Systems, Engineering, Business, or a related field.
• 5+ years of experience in cyber threat intelligence, cybersecurity operations, or risk management.
• Demonstrated experience supporting or leading CTI capability development.
• Experience with intelligence standards such as STIX/TAXII, DHS TLP, and ICD 203/206.
• Familiarity with NIST CSF, Zero Trust concepts, and federal SCRM expectations.
• One or more relevant certifications (e.g., CISSP, CISM, GIAC GCTI/GDAT/GMON, OSCP, CEH).
• Must have an active TS/SCI clearance with eligibility for a polygraph.
• Must be comfortable working in-person as needed in the greater Washington, DC area (usually on-site 3 days per week).
• Willingness to travel 20–30% based on client needs.

Ideally, you’ll also have

• Prior consulting experience.
• Experience standing up CTI programs from concept through early operational maturity.
• Experience with leading CTI platforms, such as: Recorded Future, CrowdStrike (Falcon Intelligence / Adversary Intelligence), Mandiant Advantage, Anomali, ThreatConnect, EclecticIQ
• Experience applying CTI to supply chain, third party, or ecosystem risk management.
• Background in government, defense, intelligence, or critical infrastructure environments.

What we look for

We’re looking for professionals who understand how to build intelligence capabilities that last. You bring practical experience, strong judgment, and the ability to help clients turn threat intelligence into meaningful risk and mission outcomes—while supporting EY’s growth and delivery objectives.