TXCC - Cybersecurity Analyst III-IV (CTIC Analyst)

Cybersecurity Analyst III-IV (CTIC Analyst)

The Cyber Threat Intelligence Analyst performs advanced (senior-level) cybersecurity and information security analysis work, producing intelligence that informs Texas leadership, supports defenders across Texas Cyber Command, and enables collaboration with external partners. This role translates data, reporting, and technical findings into actionable intelligence that guides decision-making and strengthens cyber defense efforts. Operating under limited supervision with considerable latitude for initiative and independent judgment, the analyst works across strategic and technical domains and provides expert analysis to support the protection of state information systems and infrastructure.

The classification and salary for this position will be based on candidate experience and qualifications and will fit into a range as follows: Cybersecurity Analyst III -- $8,666.66 - $9,583.33 monthly Cybersecurity Analyst IV -- $10,583.33 - $11,416.66 monthly

Essential Job Duties

• Intelligence Creation and Analysis : Researches, develops, and produces intelligence products that inform cybersecurity operations and executive decision-making. Analyzes threat actors, campaigns, and tactics, techniques, and procedures (TTPs) relevant to Texas government and critical infrastructure. Translates geopolitical and operational developments into cyber risk assessments, including identification of likely adversary actions and sectors at elevated risk. Produces a range of intelligence products, including executive briefings, strategic warning, campaign analysis, actor profiles, sector-specific assessments, and incident-related reporting. Conducts in-depth analytic efforts to identify trends, recurring exploit paths, access patterns, and emerging threats requiring sustained attention.
• Intelligence Application and Operational Support : Applies cyber threat intelligence to support cybersecurity operations and organizational decision-making. Develops and disseminates indicators, detection logic, and contextual reporting to enable operational use by security teams. Supports active cybersecurity incidents by providing intelligence enrichment, attribution hypotheses, and contextual analysis to accelerate detection, response, and recovery efforts. Maintains a continuous feedback loop with security operations, incident response, and forensics teams to refine intelligence requirements and improve the effectiveness of intelligence products. Researches and analyzes cybersecurity threat indicators and behaviors to support the prevention, detection, containment, and mitigation of data security threats and incidents.
• Stakeholder Engagement and Communication : Engages with executive leadership, partner agencies, and external stakeholders to communicate cyber threat intelligence and represent the organization's intelligence function. Presents intelligence findings through briefings, reports, and discussions tailored to technical and non-technical audiences. Supports interagency coordination and information sharing efforts. Promotes cybersecurity awareness by communicating relevant threat information and educating stakeholders on risks, trends, and best practices.
• Tradecraft, Innovation, and Continuous Improvement : Maintains and advances intelligence tradecraft, analytic rigor, and continuous improvement of intelligence processes. Applies structured analytic techniques and ensures adherence to standards for sourcing, confidence assessment, and analytic integrity across all products. Leverages artificial intelligence and emerging technologies, including large language model tools, to enhance analytic workflows while exercising appropriate judgment regarding accuracy, reliability, and appropriate use. Identifies opportunities to improve methodologies, tools, and processes to increase the quality, efficiency, and impact of intelligence outputs.

Qualifications

Minimum Qualifications

• Five (5) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline
• Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders
• Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain)
• Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination
• Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments
• Experience using AI-assisted tools in an analytic workflow

Preferred Qualifications

• Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators
• Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs
• Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes
• Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents
• Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content
• Experience briefing senior executives or elected officials
• Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data
• Certification in GIAC Certified Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or CompTIA Security+ or CySa+

Knowledge, Skills, and Abilities

• Knowledge of cybersecurity and information security principles, including adversary tradecraft, intrusion lifecycle concepts, analytic frameworks, and incident response practices.
• Knowledge of cybersecurity controls, practices, procedures, and applicable laws, regulations, and standards.
• Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations.
• Knowledge of intelligence analysis principles, including sourcing, confidence assessment, and structured analytic techniques.
• Skill in producing clear, concise, and analytically sound written products and briefings tailored to diverse audiences, including executive leadership and technical stakeholders.
• Skill in analyzing complex information, synthesizing strategic and technical context, and developing actionable insights and recommendations.
• Skill in effective oral and written communication, including presentations, collaboration, and stakeholder engagement.
• Skill in the use of cybersecurity tools, software, and analytic platforms to support intelligence production and analysis.
• Ability to exercise sound judgment in evaluating information, including assessing source reliability, analytic confidence, and limitations of available evidence.
• Ability to interpret technical artifacts (e.g., logs, network data, malware reports) to support analytic conclusions.
• Ability to work independently, prioritize tasks, and adapt in a dynamic, evolving environment.
• Ability to apply structured problem-solving, build effective working relationships, and leverage emerging technologies, including AI-assisted tools, responsibly and effectively.

Working Conditions

• Required to work 8 hours per day, 5 days per week
• May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval
• May be required to operate a state vehicle or vehicle on behalf of the State
• Required to travel with possible overnight stays, as necessary
• Required to conform to dress and grooming standards, work rules, and safety procedures
• Required to follow non-smoking policy in all state buildings and vehicles