Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cyber Risk and Threat Modeling Analyst – The Chertoff Group (Washington DC)

About The Chertoff Group:

The Chertoff Group is a global advisory services firm focused on security and risk management. The firm applies security expertise, technology insights, and policy intelligence to help clients build resilient organizations, gain competitive advantage, and accelerate growth. Through the firm’s Strategic Advisory Services Practice Area, The Chertoff Group offers comprehensive security assessments, risk management strategies, policy and planning frameworks, and ongoing monitoring services to help clients anticipate, prepare for and build capabilities necessary to navigate today’s complex threat environment. The Chertoff Group is located in Washington, DC and for more information, visit or follow us on LinkedIn and Twitter.



This is an Associate / Senior Associate Level position (equaling approximately 3-7 years security-related experience)


A Successful Candidate Looks Like:

The Chertoff Group is seeking superior candidates with a combination of experiences in delivering high-end cyber risk management and threat modeling support and applying the principles of security vulnerability, threat and risk assessments within organizations. The candidate will be a consummate professional, exceedingly well organized, flexible, pronounced verbal and written communications skills, a driven and efficient researcher, and must enjoy the challenges of working in a dynamic office with a best-in-class, work-hard/play-hard team. The candidate must be willing to relocate to the Washington, DC area.


Interesting Projects You Will Work On:

  • Research and report on cyber threat actors and their associated tactics, techniques and procedures (TTPs)
  • Execute and contribute to cyber risk assessments
  • Evaluate operational security capabilities related to protective, detective, response and recovery controls
  • Participate in current-state and future-state cybersecurity maturity and effectiveness evaluations
  • Analyze open source information and intelligence
  • Evaluate cybersecurity products and services
  • Develop and present deliverables, findings and recommendations to security leaders, company managers and C-suite stakeholders
  • Support sales and business development initiatives (writing proposals and participating in pitch meetings)
  • Develop Chertoff Group content (e.g., whitepapers, blogs, podcasts, webinars, etc.) on selected security topics

Requirements and Skills:

  • Strong understanding of, and proven experience in, some combination of:
    • Information technology (IT) security operations
    • Analysis of threat capability and intent, threat actor TTPs and vulnerability mitigation
    • Security risk management policies and principles
    • Cybersecurity frameworks, standards and best practices
  • Self-starter who is a team player that embraces collaboration
  • Analytical thinker with the ability to recognize nuances, anticipate client questions and defend findings and recommendations
  • Demonstrated ability to prioritize tasks, work on multiple projects concurrently, and manage rapidly changing assignments
  • Strong presentation and communications skills, with ability to understand, assess and articulate complex issues
  • Strong proficiency in MS Office (Word, Excel, PowerPoint)
  • Willing and able to travel up to 25% of the time domestically and internationally

Nice to Have But Not Required:

  • Experience with scripting languages (Bash, Powershell, Python, etc.)
  • Experience in DevOps environment or IT operations
  • Knowledge/use of the MITRE ATT&CK framework
  • Prior experience in the delivery of high-end professional/advisory services
  • Fluency in Spanish
  • Relevant industry certifications (e.g., SEC+, CISSP, CISA, GPEN, GCIH)


  • Bachelor’s or Master’s degree in Computer Science, Engineering, Security Studies, History or relevant field
  • 3-7 years of professional experience working in or supporting a corporate or government security/cyber defense program
  • Have or be able to obtain U.S. Government National Security Clearance

Interested? Visit or send cover letter and resume to

0 Replies