TXCC - Cybersecurity Analyst IV-V (CTI Senior Analyst)

Job Description - TXCC - Cybersecurity Analyst IV-V (CTI Senior Analyst) (00058494) Job Description TXCC - Cybersecurity Analyst IV-V (CTI Senior Analyst) ( 00058494 ) Organization : Texas Cyber Command Primary Location Primary Location : Texas-San Antonio Work Locations : TXCC Headquarters 506 Dolorosa Street San Pedro One Building San Antonio 78204 Enter the job posting number “ ” in the keyword search. You must create a CAPPS Career Section candidate profile or be logged in to apply. Update your profile and apply for the job by navigating through the pages and steps. Once ready, select “Submit” on the “Review and Submit” page. The Senior Cyber Threat Intelligence Analyst performs highly advanced (senior-level) cybersecurity and intelligence analysis work leading complex cyber threat intelligence efforts that support Texas leadership, Texas Cyber Command operations, and external mission partners. The position serves as a senior analytic resource responsible for integrating strategic, operational, and technical intelligence to inform executive decision-making, support cybersecurity operations, and enhance statewide cyber resilience. Work includes leading high-impact intelligence initiatives, coordinating analytic efforts across teams and stakeholders, advancing intelligence tradecraft and methodologies, and providing expert guidance on emerging cyber threats, adversary capabilities, and risk trends affecting Texas government and critical infrastructure. Works under minimal supervision with extensive latitude for the use of initiative and independent judgment. Strategic Intelligence Leadership and Analysis Leads complex cyber threat intelligence analysis efforts and produces high-impact intelligence products supporting executive decision-making, operational planning, and cybersecurity operations. Directs and conducts advanced analysis of threat actors, campaigns, tactics, techniques, and procedures (TTPs), geopolitical developments, and emerging risks affecting Texas government and critical infrastructure. Develops strategic warning products, executive briefings, campaign assessments, actor profiles, and sector-specific intelligence reporting. Identifies long-term threat trends, systemic vulnerabilities, recurring exploit patterns, and emerging operational risks requiring enterprise attention Intelligence Integration, Coordination, and Operational Support Leads the integration of cyber threat intelligence into cybersecurity operations, incident response activities, and organizational decision-making processes. Coordinates intelligence support during active cybersecurity incidents by providing advanced contextual analysis, attribution assessments, and operational intelligence to accelerate detection, response, and recovery efforts. Develops and oversees the dissemination of indicators, detection logic, and intelligence reporting for operational use by cybersecurity teams and mission partners. Collaborates with security operations, incident response, forensics, threat hunting, and partner organizations to refine intelligence priorities, improve information sharing, and enhance operational effectiveness. Serves as a senior representative of the organization’s intelligence function in engagements with executive leadership, governmental entities, critical infrastructure partners, and external stakeholders. Provides expert advisement and strategic briefings regarding cyber threats, emerging risks, intelligence trends, and operational impacts. Facilitates interagency coordination and information sharing initiatives and supports the development of collaborative intelligence relationships across state, federal, local, and private-sector partners. May provide guidance, mentoring, and technical leadership to analysts and other personnel. Tradecraft, Innovation, and Program Development Leads efforts to strengthen intelligence tradecraft, analytic rigor, and continuous improvement initiatives across intelligence operations. Establishes and promotes standards for sourcing, confidence assessment, structured analytic techniques, and product quality. Evaluates and applies emerging technologies, including artificial intelligence and large language model tools, to improve analytic workflows and intelligence capabilities while ensuring responsible and appropriate use. Identifies opportunities to enhance methodologies, processes, tools, and intelligence integration across the organization. Qualifications Minimum Qualifications Seven (7) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain) Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments Experience using AI-assisted tools in an analytic workflow Preferred Qualifications Experience: Experience leading or coordinating cyber threat intelligence efforts, projects, or analytic initiatives Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content Experience briefing senior executives or elected officials Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data Licensure: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM), and/or CompTIA Security+ or CySA+ Knowledge, Skills, and Abilities Knowledge of advanced cybersecurity and cyber threat intelligence principles, methodologies, adversary tradecraft, and incident response practices Knowledge of computer systems, networks, operating systems, security technologies, and cybersecurity operational environments Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations. Knowledge of intelligence analysis techniques, confidence assessment methodologies, structured analytic techniques, and intelligence reporting standards Skill in leading complex intelligence analysis efforts and producing high-quality intelligence products for executive and operational audiences Skill in synthesizing strategic, operational, and technical information into actionable intelligence and recommendations Skill in briefing, advising, and communicating effectively with technical personnel, executive leadership, and external stakeholders Skill in the use of cybersecurity tools, intelligence platforms, analytic technologies, and AI-assisted capabilities to support intelligence operations Ability to exercise expert judgment in evaluating intelligence, assessing confidence levels, and identifying limitations or gaps in available information Ability to coordinate intelligence activities across multidisciplinary teams and operational environments Ability to work independently with extensive latitude for initiative, prioritization, and decision-making in dynamic and evolving threat environments Ability to lead continuous improvement efforts, mentor personnel, and advance intelligence methodologies, processes, adn operational integration Working Conditions Required to work 8 hours per day, 5 days per week May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval May be required to operate a state vehicle or vehicle on behalf of the State Required to travel with possible overnight stays, as necessary Required to conform to dress and grooming standards, work rules, and safety procedures Required to follow non-smoking policy in all state buildings and vehicles Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate howthey meet the position qualifications. Incomplete applications may result in disqualification. Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application. Interview Place/Time Candidates will be notified for appointments as determined by the selection committee. Selective Service Registration Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment. We are unable to sponsor or take over sponsorship of an employment Visa at this time. Must be a citizen of the United States. Equal Opportunity Employer Texas Cyber Command does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call View phone number on click.appcast.io to request reasonable accommodation. #J-18808-Ljbffr Centralized Accounting and Payroll/Personnel System