TXCC - Cybersecurity Analyst IV-V (CTI Senior Analyst)

Cybersecurity Analyst IV-V (CTI Senior Analyst)

Organization: Texas Cyber Command

Primary Location: Texas-San Antonio

Work Locations: TXCC Headquarters 506 Dolorosa Street San Pedro One Building San Antonio 78204

Job: Computer and Mathematical

Employee Status: Regular

Schedule: Full-time

Standard Hours Per Week: 40.00

State Job Code: 03230322

Salary Admin Plan: B

Grade: 3129

Salary (Pay Basis): $11,250.00-$13,333.33 (Monthly)

Number of Openings: 1

Overtime Status: Exempt

Job Posting: May 26, 2026, 1:09:51 PM

Closing Date: Jun 10, 2026, 4:59:00 AM

The Senior Cyber Threat Intelligence Analyst performs highly advanced (senior-level) cybersecurity and intelligence analysis work leading complex cyber threat intelligence efforts that support Texas leadership, Texas Cyber Command operations, and external mission partners. The position serves as a senior analytic resource responsible for integrating strategic, operational, and technical intelligence to inform executive decision-making, support cybersecurity operations, and enhance statewide cyber resilience. Work includes leading high-impact intelligence initiatives, coordinating analytic efforts across teams and stakeholders, advancing intelligence tradecraft and methodologies, and providing expert guidance on emerging cyber threats, adversary capabilities, and risk trends affecting Texas government and critical infrastructure. Works under minimal supervision with extensive latitude for the use of initiative and independent judgment.

Essential Job Duties

• Strategic Intelligence Leadership and Analysis : Leads complex cyber threat intelligence analysis efforts and produces high-impact intelligence products supporting executive decision-making, operational planning, and cybersecurity operations. Directs and conducts advanced analysis of threat actors, campaigns, tactics, techniques, and procedures (TTPs), geopolitical developments, and emerging risks affecting Texas government and critical infrastructure. Develops strategic warning products, executive briefings, campaign assessments, actor profiles, and sector-specific intelligence reporting. Identifies long-term threat trends, systemic vulnerabilities, recurring exploit patterns, and emerging operational risks requiring enterprise attention.
• Intelligence Integration, Coordination, and Operational Support : Leads the integration of cyber threat intelligence into cybersecurity operations, incident response activities, and organizational decision-making processes. Coordinates intelligence support during active cybersecurity incidents by providing advanced contextual analysis, attribution assessments, and operational intelligence to accelerate detection, response, and recovery efforts. Develops and oversees the dissemination of indicators, detection logic, and intelligence reporting for operational use by cybersecurity teams and mission partners. Collaborates with security operations, incident response, forensics, threat hunting, and partner organizations to refine intelligence priorities, improve information sharing, and enhance operational effectiveness.
• Stakeholder Engagement, Advisement, Mission Coordination : Serves as a senior representative of the organization's intelligence function in engagements with executive leadership, governmental entities, critical infrastructure partners, and external stakeholders. Provides expert advisement and strategic briefings regarding cyber threats, emerging risks, intelligence trends, and operational impacts. Facilitates interagency coordination and information sharing initiatives and supports the development of collaborative intelligence relationships across state, federal, local, and private-sector partners. May provide guidance, mentoring, and technical leadership to analysts and other personnel.
• Tradecraft, Innovation, and Program Development : Leads efforts to strengthen intelligence tradecraft, analytic rigor, and continuous improvement initiatives across intelligence operations. Establishes and promotes standards for sourcing, confidence assessment, structured analytic techniques, and product quality. Evaluates and applies emerging technologies, including artificial intelligence and large language model tools, to improve analytic workflows and intelligence capabilities while ensuring responsible and appropriate use. Identifies opportunities to enhance methodologies, processes, tools, and intelligence integration across the organization.

Qualifications

Minimum Qualifications

• Seven (7) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline
• Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders
• Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain)
• Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination
• Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments
• Experience using AI-assisted tools in an analytic workflow

Preferred Qualifications

• Experience leading or coordinating cyber threat intelligence efforts, projects, or analytic initiatives
• Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators
• Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs
• Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes
• Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents
• Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content
• Experience briefing senior executives or elected officials
• Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data
• GIAC Certified Cyber Threat Intelligence (GCTI) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM), and/or CompTIA Security+ or CySA+

Knowledge, Skills, and Abilities

Knowledge of advanced cybersecurity and cyber threat intelligence principles, methodologies, adversary tradecraft, and incident response practices

Knowledge of computer systems, networks, operating systems, security technologies, and cybersecurity operational environments

Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations

Knowledge of intelligence analysis techniques, confidence assessment methodologies, structured analytic techniques, and intelligence reporting standards

Skill in leading complex intelligence analysis efforts and producing high-quality intelligence products for executive and operational audiences

Skill in synthesizing strategic, operational, and technical information into actionable intelligence and recommendations

Skill in briefing, advising, and communicating effectively with technical personnel, executive leadership, and external stakeholders

Skill in the use of cybersecurity tools, intelligence platforms, analytic technologies, and AI-assisted capabilities to support intelligence operations

Ability to exercise expert judgment in evaluating intelligence, assessing confidence levels, and identifying limitations or gaps in available information

Ability to coordinate intelligence activities across multidisciplinary teams and operational environments

Ability to work independently with extensive latitude for initiative, prioritization, and decision-making in dynamic and evolving threat environments

Ability to lead continuous improvement efforts, mentor personnel, and advance intelligence methodologies, processes, and operational integration

Working Conditions

Required to work 8 hours per day, 5 days per week

May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval

May be required to operate a state vehicle or vehicle on behalf of the State

Required to travel with possible overnight stays, as necessary

Required to conform to dress and grooming standards, work rules, and safety procedures

Required to follow non-smoking policy in all state buildings and vehicles

Military Occupation Specialty Code: The Military Occupation Specialty Codes applicable to this position can be found at this link.

Special Instructions: Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification. Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Interview Place/Time: Candidates will be notified for appointments as determined by the selection committee.

Selective Service Registration: Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective