Executive Cyber Command Jobs (NOW HIRING)

Job Description
How to Apply

• Select the link below to search for this position: https://capps.taleo.net/careersection/371/jobsearch.ftl?lang=en
• Enter the job posting number " " in the keyword search.
• You must create a CAPPS Career Section candidate profile or be logged in to apply.
• Update your profile and apply for the job by navigating through the pages and steps.
• Once ready, select "Submit" on the "Review and Submit" page.
• If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

The Senior Cyber Threat Intelligence Analyst performs highly advanced (senior-level) cybersecurity and intelligence analysis work leading complex cyber threat intelligence efforts that support Texas leadership, Texas Cyber Command operations, and external mission partners. The position serves as a senior analytic resource responsible for integrating strategic, operational, and technical intelligence to inform executive decision-making, support cybersecurity operations, and enhance statewide cyber resilience. Work includes leading high-impact intelligence initiatives, coordinating analytic efforts across teams and stakeholders, advancing intelligence tradecraft and methodologies, and providing expert guidance on emerging cyber threats, adversary capabilities, and risk trends affecting Texas government and critical infrastructure. Works under minimal supervision with extensive latitude for the use of initiative and independent judgment.
Essential Job Duties
Strategic Intelligence Leadership and Analysis
Leads complex cyber threat intelligence analysis efforts and produces high-impact intelligence products supporting executive decision-making, operational planning, and cybersecurity operations. Directs and conducts advanced analysis of threat actors, campaigns, tactics, techniques, and procedures (TTPs), geopolitical developments, and emerging risks affecting Texas government and critical infrastructure. Develops strategic warning products, executive briefings, campaign assessments, actor profiles, and sector-specific intelligence reporting. Identifies long-term threat trends, systemic vulnerabilities, recurring exploit patterns, and emerging operational risks requiring enterprise attention
Intelligence Integration, Coordination, and Operational Support
Leads the integration of cyber threat intelligence into cybersecurity operations, incident response activities, and organizational decision-making processes. Coordinates intelligence support during active cybersecurity incidents by providing advanced contextual analysis, attribution assessments, and operational intelligence to accelerate detection, response, and recovery efforts. Develops and oversees the dissemination of indicators, detection logic, and intelligence reporting for operational use by cybersecurity teams and mission partners. Collaborates with security operations, incident response, forensics, threat hunting, and partner organizations to refine intelligence priorities, improve information sharing, and enhance operational effectiveness.
Stakeholder Engagement, Advisement, Mission Coordination
Serves as a senior representative of the organization's intelligence function in engagements with executive leadership, governmental entities, critical infrastructure partners, and external stakeholders. Provides expert advisement and strategic briefings regarding cyber threats, emerging risks, intelligence trends, and operational impacts. Facilitates interagency coordination and information sharing initiatives and supports the development of collaborative intelligence relationships across state, federal, local, and private-sector partners. May provide guidance, mentoring, and technical leadership to analysts and other personnel.
Tradecraft, Innovation, and Program Development
Leads efforts to strengthen intelligence tradecraft, analytic rigor, and continuous improvement initiatives across intelligence operations. Establishes and promotes standards for sourcing, confidence assessment, structured analytic techniques, and product quality. Evaluates and applies emerging technologies, including artificial intelligence and large language model tools, to improve analytic workflows and intelligence capabilities while ensuring responsible and appropriate use. Identifies opportunities to enhance methodologies, processes, tools, and intelligence integration across the organization.
Qualifications:
Minimum Qualifications

• Seven (7) years of experience in cyber threat intelligence, all-source intelligence analysis, or a closely related analytic discipline
• Demonstrated experience producing written intelligence products for varied audiences, from executive leadership to technical defenders
• Working knowledge of adversary tradecraft, intrusion lifecycle concepts, and common analytic frameworks (e.g., MITRE ATT&CK, Diamond Model, kill chain)
• Familiarity with indicator types, detection logic, and the lifecycle of technical indicators from discovery to dissemination
• Ability to read and interpret technical artifacts (e.g., logs, network data, malware reports, vulnerability disclosures) to develop analytic judgments
• Experience using AI-assisted tools in an analytic workflow

Preferred Qualifications
Experience:

• Experience leading or coordinating cyber threat intelligence efforts, projects, or analytic initiatives
• Experience producing intelligence for state, local, federal, or military consumers, or for critical infrastructure operators
• Regional or actor-specific expertise in one or more of: China, Russia, Iran, or DPRK cyber programs
• Sector-specific familiarity with energy, water, elections, public safety, healthcare, or financial services threat landscapes
• Experience working alongside SOC, incident response, or threat hunting teams, including during active incidents
• Familiarity with CTI platforms, indicator standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) sufficient to author or review content
• Experience briefing senior executives or elected officials
• Experience designing, integrating, or evaluating LLM-based analytic workflows, including prompt development and handling of sensitive data

Licensure:

• GIAC Certified Cyber Threat Intelligence (GCTI)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM), and/or
• CompTIA Security+ or CySA+

Knowledge, Skills, and Abilities
Knowledge of advanced cybersecurity and cyber threat intelligence principles, methodologies, adversary tradecraft, and incident response practices
Knowledge of computer systems, networks, operating systems, security technologies, and cybersecurity operational environments
Knowledge of computer systems, networks, operating systems, applications, and security technologies, including their capabilities and limitations.
Knowledge of intelligence analysis techniques, confidence assessment methodologies, structured analytic techniques, and intelligence reporting standards
Skill in leading complex intelligence analysis efforts and producing high-quality intelligence products for executive and operational audiences
Skill in synthesizing strategic, operational, and technical information into actionable intelligence and recommendations
Skill in briefing, advising, and communicating effectively with technical personnel, executive leadership, and external stakeholders
Skill in the use of cybersecurity tools, intelligence platforms, analytic technologies, and AI-assisted capabilities to support intelligence operations
Ability to exercise expert judgment in evaluating intelligence, assessing confidence levels, and identifying limitations or gaps in available information
Ability to coordinate intelligence activities across multidisciplinary teams and operational environments
Ability to work independently with extensive latitude for initiative, prioritization, and decision-making in dynamic and evolving threat environments
Ability to lead continuous improvement efforts, mentor personnel, and advance intelligence methodologies, processes, adn operational integration
Working Conditions
Required to work 8 hours per day, 5 days per week
May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval
May be required to operate a state vehicle or vehicle on behalf of the State
Required to travel with possible overnight stays, as necessary
Required to conform to dress and grooming standards, work rules, and safety procedures
Required to follow non-smoking policy in all state buildings and vehicles
Military Occupation Specialty Code
The Military Occupation Specialty Codes applicable to this position can be found at this link.
Special Instructions
Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.
Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.
Interview Place/Time
Candidates will be notified for appointments as determined by the selection committee.
Selective Service Registration
Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.
H-1B Visa Sponsorship
We are unable to sponsor or take over sponsorship of an employment Visa at this time. Must be a citizen of the United States.
Equal Opportunity Employer
Texas Cyber Command does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-463-5920 to request reasonable accommodation.