Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftljob=00058318
You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply through both Work In Texas and the CAPPS Career Section.
How to Apply

Select the link below to search for this position: https://capps.taleo.net/careersection/371/jobsearch.ftllang=en
Enter the job posting number “ ” in the keyword search.
You must create a CAPPS Career Section candidate profile or be logged in to apply.
Update your profile and apply for the job by navigating through the pages and steps.
Once ready, select “Submit” on the “Review and Submit” page.
If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

The Cyber Threat Intelligence Analyst performs advanced (senior-level) cybersecurity and information security analysis work, producing intelligence that informs Texas leadership, supports defenders across Texas Cyber Command, and enables collaboration with external partners. This role translates data, reporting, and technical findings into actionable intelligence that guides decision-making and strengthens cyber defense efforts. Operating under limited supervision with considerable latitude for initiative and independent judgment, the analyst works across strategic and technical domains and provides expert analysis to support the protection of state information systems and infrastructure.

The classification and salary for this position will be based on candidate experience and qualifications and will fit into a range as follows:
Cybersecurity Analyst III -- $8,666.66 - $9,583.33 monthly
Cybersecurity Analyst IV -- $10,583.33 - $11,416.66 monthly

Essential Job Duties

Intelligence Creation and Analysis
Researches, develops, and produces intelligence products that inform cybersecurity operations and executive decision-making. Analyzes threat actors, campaigns, and tactics, techniques, and procedures (TTPs) relevant to Texas government and critical infrastructure. Translates geopolitical and operational developments into cyber risk assessments, including identification of likely adversary actions and sectors at elevated risk. Produces a range of intelligence products, including executive briefings, strategic warning, campaign analysis, actor profiles, sector-specific assessments, and incident-related reporting. Conducts in-depth analytic efforts to identify trends, recurring exploit paths, access patterns, and emerging threats requiring sustained attention.

Intelligence Application and Operational Support
Applies cyber threat intelligence to support cybersecurity operations and organizational decision-making. Develops and disseminates indicators, detection logic, and contextual reporting to enable operational use by security teams. Supports active cybersecurity incidents by providing intelligence enrichment, attribution hypotheses, and contextual analysis to accelerate detection, response, and recovery efforts. Maintains a continuous feedback loop with security operations, incident response, and forensics teams to refine intelligence requirements and improve the effectiveness of intelligence products. Researches and analyzes cybersecurity threat indicators and behaviors to support the prevention, detection, containment, and mitigation of data security threats and incidents.

Stakeholder Engagement and Communication
Engages with executive leadership, partner agencies, and external stakeholders to communicate cyber threat intelligence and represent the organization’s intelligence function. Presents intelligence findings through briefings, reports, and discussions tailored to technical and non-technical audiences. Supports interagency coordination and information sharing efforts. Promotes cybersecurity awareness by communicating relevant threat information and educating stakeholders on risks, trends, and best practices.

Tradecraft, Innovation, and Continuous Improvement
Maintains and advances intelligence tradecraft, analytic rigor, and continuous improvement of intelligence processes. Applies structured analytic techniques and ensures adherence to standards for sourcing, confidence assessment, and analytic integrity across all products. Leverages artificial intelligence and emerging technologies, including large language model tools, to enhance analytic workflows while exercising appropriate judgment regarding accuracy, reliability, and appropriate use. Identifies opportunities to improve methodologies, tools, and processes to increase the quality, efficiency, and impact of intelligence outputs.

Qualifications:

Minimum Qualifications
Five (5) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline
Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders
Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain)
Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination
Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments
Experience using AI-assisted tools in an analytic workflow

Preferred Qualifications
Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators
Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs
Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes
Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents
Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content
Experience briefing senior executives or elected officials
Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data
Certification in GIAC Certified Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or CompTIA Security+ or CySA+

Knowledge, Skills, and Abilities
Knowledge of cybersecurity and information security principles, including adversary tradecraft, intrusion lifecycle concepts, analytic frameworks, and incident response practices.
Knowledge of cybersecurity controls, practices, procedures, and applicable laws, regulations, and standards.
Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations.
Knowledge of intelligence analysis principles, including sourcing, confidence assessment, and structured analytic techniques.
Skill in producing clear, concise, and analytically sound written products and briefings tailored to diverse audiences, including executive leadership and technical stakeholders.
Skill in analyzing complex information, synthesizing strategic and technical context, and developing actionable insights and recommendations.
Skill in effective oral and written communication, including presentations, collaboration, and stakeholder engagement.
Skill in the use of cybersecurity tools, software, and analytic platforms to support intelligence production and analysis.
Ability to exercise sound judgment in evaluating informat