Threat Intelligence Liaison (US Federal)

About the position This role will support one or more direct or indirect contracts with the U.S. Federal Government which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native). The Threat Intelligence Liaison serves as the primary intelligence integration point between customer stakeholders, Workday Security teams, and external intelligence organizations. This position ensures relevant threat intelligence is translated into actionable insights that enhance SOC monitoring, detection engineering, and overall security posture across government SaaS environments — including air-gapped region (AGR) deployments. This is a single-billet, high-impact role requiring strategic thinking, operational cybersecurity knowledge, and strong executive communication skills.

Responsibilities

• Collect, evaluate, and analyze threat intelligence from government stakeholders, industry partners, and intelligence-sharing communities
• Map adversary tactics and techniques to the MITRE ATT&CK® framework
• Translate intelligence into detection requirements, hunting hypotheses, and SOC briefings
• Partner closely with SOC analysts and detection engineers to operationalize intelligence
• Deliver executive and technical intelligence reports and threat landscape updates
• Serve as the primary liaison for intelligence engagement with customer cybersecurity leadership
• Identify detection gaps and recommend mitigation strategies

Requirements

• 7+ years of experience in cybersecurity, threat intelligence, incident response, or related field
• Experience supporting SOC operations and/or detection engineering teams
• Strong understanding of adversary TTPs and the intelligence lifecycle
• Ability to brief both technical and executive audiences
• Excellent written and verbal communication skills

Nice-to-haves

• Experience supporting SaaS platforms within government networks
• Familiarity with guidance from CISA, NSA, and NIST
• Experience with intelligence platforms (e.g., MISP, commercial threat intel tools)
• Clearance eligibility