Cyber Threat Intelligence Specialist (Cyber and Hybrid Threats)
March 04, 2026
About Us
The Information Systems Agency of Armenia is supporting the creation of the Armenian e-society. In leadership with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the Digital Architecture of Armenia, a Government-approved approach that places interoperability, security, and high-quality service delivery as its core pillars. Our team is made up of technology and policy-making specialists from a wide variety of sectors, and our aim is to work transparently, and with the participation of the public and private sector, to support Armenia in its ambitions to become a truly electronic society.
About You
You will manage the cyber threat intelligence (CTI) lifecycle: define intelligence requirements, collect and assess information, produce timely intelligence products, and ensure intelligence is operationalized in detection, response, and risk decisions.
The role sits at the intersection of security operations, incident response, engineering, and policy. You will work closely with SOC analysts and incident responders to turn intelligence into practical outcomes such as detections, hunting hypotheses, advisories, and mitigation guidance.
Because ISAA and AM-CERT are growing, you will help shape processes, templates, and tooling for CTI, and you will contribute to cross-department initiatives involving election security, critical infrastructure protection, and hybrid threat monitoring.
Job Responsibilities
· Develop and manage the CTI lifecycle, including intelligence requirements, collection planning, analysis, production, and dissemination to internal and external stakeholders.
· Collect and curate intelligence from open sources, trusted partners (CERT/CSIRT communities), commercial feeds (where applicable), and internal telemetry in coordination with SOC and engineering teams.
· Identify, track, and assess threat actors and their tactics, techniques, and procedures (TTPs); map activity to frameworks such as MITRE ATT&CK to support defensive prioritization.
· Produce actionable intelligence products (alerts, advisories, threat briefs, actor profiles, strategic assessments) tailored to different audiences: SOC/IR, technical service owners, leadership, and national stakeholders.
· Operationalize intelligence into security operations: support detection engineering and threat hunting by providing IOCs, behavioral patterns, hypotheses, and context to reduce false positives and improve response speed.
· Maintain and improve CTI platforms and workflows (e.g., MISP, OpenCTI, TIP integrations) in collaboration with cybersecurity engineers; ensure data quality, tagging, and appropriate sharing controls (e.g., TLP).
· Support incident response by providing rapid context and enrichment (threat actor assessments, related campaigns, likely objectives, recommended containment/mitigation).
· Monitor and analyze cyber-enabled and hybrid threats, including campaigns that combine cyber activity with information manipulation or influence operations; contribute to whole-of-government situational awareness when required.
· Coordinate information sharing with trusted national and international partners in line with established protocols, ensuring accuracy, appropriate confidence statements, and responsible handling of sensitive information.
· Contribute to exercises, tabletop simulations, and continuous improvement by capturing lessons learned and updating playbooks, indicators, and reporting standards.
Qualifications
· 3+ years of experience in cyber threat intelligence, SOC operations, incident response, threat hunting, or a closely related cybersecurity role with a strong analytical focus.
· Solid understanding of attacker tradecraft, common intrusion phases, malware and phishing concepts, and the types of evidence found in logs and endpoint/network telemetry.
· Experience working with CTI concepts and formats (e.g., indicators, observables, confidence, attribution with caveats) and familiarity with STIX/TAXII or similar structured sharing models.
· Ability to write clear intelligence reports and brief technical and non-technical stakeholders; strong attention to accuracy, sourcing, and analytic rigor.
· Working knowledge of core cybersecurity tooling such as SIEM, EDR, network monitoring, and ticketing/case management systems.
· Ability to collaborate across departments and manage multiple priorities in a dynamic environment.
· Bachelor’s degree in Computer Science, Information Security, International Relations, or a related field, or equivalent practical experience.
Preferred experience
· Experience working in or with a CERT/CSIRT environment, including information sharing practices and coordination during incidents.
· Experience using CTI platforms such as MISP, OpenCTI, or other threat intelligence platforms (TIPs) and building integrations or enrichment pipelines.
· Hands-on ability to query and analyze data for investigations or hunting (e.g., SIEM queries, EDR searches, basic packet/log analysis).
· Scripting or data analysis skills (Python, SQL, or similar) to automate enrichment, reporting, or feed handling.
· Familiarity with hybrid threat analysis, including the intersection of cyber operations with disinformation or influence activity, and understanding how geopolitical events can drive cyber risk.
· Experience supporting election security, critical infrastructure protection, or public sector cybersecurity programs.
· Professional working proficiency in Armenian and English (report writing and briefings).
Certifications we value
Certifications are an advantage (not required). Examples include:
· GIAC Cyber Threat Intelligence (GCTI) or similar CTI-focused certifications
· EC-Council Certified Threat Intelligence Analyst (CTIA)
· CompTIA Security+ / CySA+ (or equivalent blue-team certification)
· MITRE ATT&CK Defender (MAD) certifications
· GIAC Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA) for analysts progressing from SOC/IR roles
To Apply
Please send your CV to hr@isaa.am, ensuring you mention the position name in the subject line of the email.