TXCC - Cybersecurity Analyst III-IV (CTIC Analyst)

TXCC

• Cybersecurity Analyst III-IV (CTIC Analyst) ( 00058318 )

Organization :

Texas Cyber Command Primary Location :

Texas-San Antonio Work Locations :

TXCC Headquarters 506 Dolorosa Street San Pedro One Building San Antonio 78204

Job :

Computer and Mathematical Employee Status :

Regular Schedule :

Full-time Standard Hours Per Week :

40.00

State Job Code :

0321 0322

Salary Admin Plan :

B Grade :

27 29 Salary (Pay Basis) : 8,666.66

• 11,416.

66 (Monthly)

Number of Openings :

3

Overtime Status :

Exempt Job Posting :

May 13, 2026, 10:18:29

AM Closing Date :

Ongoing Description How to Apply Select the link below to search for this position: https://capps.taleo.net/careersection/371/jobsearch.ftl?lang=en Enter the job posting number " " in the keyword search. You must create a CAPPS Career Section candidate profile or be logged in to apply. Update your profile and apply for the job by navigating through the pages and steps. Once ready, select "Submit" on the "Review and Submit" page. If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid. The Cyber Threat Intelligence Analyst performs advanced (senior-level) cybersecurity and information security analysis work, producing intelligence that informs Texas leadership, supports defenders across Texas Cyber Command, and enables collaboration with external partners. This role translates data, reporting, and technical findings into actionable intelligence that guides decision-making and strengthens cyber defense efforts. Operating under limited supervision with considerable latitude for initiative and independent judgment, the analyst works across strategic and technical domains and provides expert analysis to support the protection of state information systems and infrastructure. The classification and salary for this position will be based on candidate experience and qualifications and will fit into a range as follows: Cybersecurity Analyst III

• $8,666.66
• $9,583.33 monthly Cybersecurity Analyst IV
• $10,583.33
• $11,416.

66 monthly Essential Job Duties Intelligence Creation and Analysis Researches, develops, and produces intelligence products that inform cybersecurity operations and executive decision-making. Analyzes threat actors, campaigns, and tactics, techniques, and procedures (TTPs) relevant to Texas government and critical infrastructure. Translates geopolitical and operational developments into cyber risk assessments, including identification of likely adversary actions and sectors at elevated risk. Produces a range of intelligence products, including executive briefings, strategic warning, campaign analysis, actor profiles, sector-specific assessments, and incident-related reporting. Conducts in-depth analytic efforts to identify trends, recurring exploit paths, access patterns, and emerging threats requiring sustained attention. Intelligence Application and Operational Support Applies cyber threat intelligence to support cybersecurity operations and organizational decision-making. Develops and disseminates indicators, detection logic, and contextual reporting to enable operational use by security teams. Supports active cybersecurity incidents by providing intelligence enrichment, attribution hypotheses, and contextual analysis to accelerate detection, response, and recovery efforts. Maintains a continuous feedback loop with security operations, incident response, and forensics teams to refine intelligence requirements and improve the effectiveness of intelligence products. Researches and analyzes cybersecurity threat indicators and behaviors to support the prevention, detection, containment, and mitigation of data security threats and incidents. Stakeholder Engagement and Communication Engages with executive leadership, partner agencies, and external stakeholders to communicate cyber threat intelligence and represent the organization's intelligence function. Presents intelligence findings through briefings, reports, and discussions tailored to technical and non-technical audiences. Supports interagency coordination and information sharing efforts. Promotes cybersecurity awareness by communicating relevant threat information and educating stakeholders on risks, trends, and best practices. Tradecraft, Innovation, and Continuous Improvement Maintains and advances intelligence tradecraft, analytic rigor, and continuous improvement of intelligence processes. Applies structured analytic techniques and ensures adherence to standards for sourcing, confidence assessment, and analytic integrity across all products. Leverages artificial intelligence and emerging technologies, including large language model tools, to enhance analytic workflows while exercising appropriate judgment regarding accuracy, reliability, and appropriate use. Identifies opportunities to improve methodologies, tools, and processes to increase the quality, efficiency, and impact of intelligence outputs. Qualifications Minimum Qualifications Five (5) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain) Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments Experience using AI-assisted tools in an analytic workflow Preferred Qualifications Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content Experience briefing senior executives or elected officials Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data Certification in GIAC Certified Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or CompTIA Security+ or CySA+ Knowledge, Skills, and Abilities Knowledge of cybersecurity and information security principles, including adversary tradecraft, intrusion lifecycle concepts, analytic frameworks, and incident response practices. Knowledge of cybersecurity controls, practices, procedures, and applicable laws, regulations, and standards. Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations. Knowledge of intelligence analysis principles, including sourcing, confidence assessment, and structured analytic techniques. Skill in producing clear, concise, and analytically sound written products and briefings tailored to diverse audiences, including executive leadership and technical stakeholders. Skill in analyzing complex information, synthesizing strategic and technical context, and developing actionable insights and recommendations. Skill in effective oral and written communication, including presentations, collaboration, and stakeholder engagement. Skill in the use of cybersecurity tools, software, and analytic platforms to support intelligence production and analysis. Ability to exercise sound judgment in evaluating information, including assessing source reliability, analytic confidence, and limitations of available evidence. Ability to interpret technical artifacts (e.g., logs, network data, malware reports) to support analytic conclusions. Ability to work independently, prioritize tasks, and adapt in a dynamic, evolving environment. Ability to apply structured problem-solving, build effective working relationships, and leverage emerging technologies, including AI-assisted tools, responsibly and effectively. Working Conditions Required to work 8 hours per day, 5 days per week May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval May be required to operate a state vehicle or vehicle on behalf of the State Required to travel with possible overnight stays, as necessary Required to conform to dress and grooming standards, work rules, and safety procedures Required to follow non-smoking policy in all state buildings and vehicles Military Occupation Specialty Code The Military Occupation Specialty Codes applicable to this position can be found at this link. Special Instructions Applicants must provide in-depth information in the

EXPERIENCE & CREDENTIALS

section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification. Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the

EXPERIENCE & CREDENTIALS

section of the application. Interview Place/Time Candidates will be notified for appointments as determined by the selection committee. Selective Service Registration Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment. H-1B Visa Sponsorship We are unable to sponsor or take over sponsorship of an employment Visa at this time. Must be a citizen of the United States. Equal Opportunity Employer Texas Cyber Command does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-463-5920 to request reasonable accommodation.