Cyber Security Lead Analyst (Whole of State)

State of Colorado
Denver, CO
Hybrid

About The Position

This critical position is responsible for providing high-level cyber intelligence, data analytics, and programmatic support to the Colorado Bureau of Investigation (CBI) Cyber-Security Unit; the Colorado Information Analysis Center (CIAC); various infrastructure sectors including energy, water & wastewater, communications, and information technology; and other key stakeholders. The position establishes intelligence collection and production requirements related to cyber-security prevention, protection, and mitigation, and provides real-time response capability during significant cyber-security events. The position assists with recovery efforts to promote rapid restoration of systems and networks. The position requires writing a variety of analytical products that enhance education and awareness and provide decision support to DHSEM leadership and other key stakeholders. The Lead Analyst will play a pivotal role in supporting the development of Colorado's Whole of State Cybersecurity Program, dedicated to empowering Colorado’s communities to become the most resilient state in the U.S. against cyber threats. As part of the Whole of State’s Cybersecurity Unit, the Analyst will be responsible for providing actionable information with federal, SLTT, critical infrastructure and community partners, and technical assistance support and coordination. As a Lead Analyst and Work Lead, this staff member must demonstrate strong leadership and must serve as a role model, coordinate and communicate with supervisors, and maintain the highest level of professional expertise. This position plans, organizes, and directs overall workplace functions, coordinating time and multiple schedules for maximum staff coverage and efficiency of operation.

Requirements

  • Seven (7) years of demonstrated full-time professional experience in cybersecurity or information technology.
  • Bachelor's degree from an accredited institution in or a closely related field and three (3) years of demonstrated professional experience in cybersecurity or information technology.
  • Master's degree from an accredited institution in or a closely related field and one (1) year of demonstrated professional experience in cybersecurity or information technology.
  • Intelligence Analysis and Synthesis: Ability to collect, analyze, and synthesize complex cyber threat data from diverse sources (OSINT, classified, technical) into clear, actionable intelligence products.
  • Information Sharing and Outreach: Ability to build and maintain relationships with diverse stakeholders, including state/local/tribal/territorial (SLTT) partners, federal agencies, and the private sector, to foster a collaborative information-sharing environment.
  • Incident Response Acumen: Foundational knowledge of cyber incident response principles, including containment, evidence collection, analysis, and coordination with technical teams.
  • Communication and Briefing Skills: Superior written and verbal communication skills, with the capacity to deliver high-stakes, professional, and often Classified briefings to both technical and executive-level audiences.
  • Programmatic Support: Experience in supporting or managing elements of a large-scale cybersecurity program, including developing program maturity, conducting assessments, and organizing training/exercises (TTXs).
  • NIMS/ICS Familiarity: Working knowledge of the National Incident Management System (NIMS) and Incident Command System (ICS) for supporting State Emergency Operations Center (SEOC) functions during critical events.
  • Ethics and Compliance: Deep commitment to protecting privacy, civil rights, and civil liberties while performing intelligence duties.
  • Requires successful completion of a background investigation that includes a polygraph exam, a fingerprint-based criminal history search, and a reference check.
  • Must be a Colorado resident at the time of application
  • Must obtain and maintain a SECRET security clearance issued by the Department of Homeland Security (DHS) within 9 (nine) months of hire
  • Must be certified to administer, view and share Protected Critical Infrastructure Information (PCII) within six (6) months of hire.
  • On-call: must be able to respond to emerging incidents with little to no warning, which may occur outside normal business hours.

Nice To Haves

  • Cybersecurity certifications (CompTIA Security+, ITIL, Network+, CEH, CISSP, SANS GCIH, or equivalent)
  • Experience working with cybersecurity issues in the State, Local, Tribal sector or critical infrastructure sectors
  • Experience applying threat modeling frameworks or methodologies
  • Experience with foundational understanding of cloud computing security principles
  • Strong technical understanding of the threat landscape and associated prevention, protection, mitigation, response and recovery activities.
  • Understanding of industry-recognized threat and security tools and techniques for network defense, forensics, penetration testing, and threat mitigation.
  • Excellent oral and written communications skills.
  • Knowledge of critical infrastructure protection policy and related critical infrastructure protection concepts, principles, and practices.
  • Documented skill set with spoken and written communications and presentation graphics.
  • Skills in the use of ArcGIS Pro and Python, with a basic understanding of data cleaning processes.
  • Experience aligning team-level objectives with overarching organizational strategy.
  • Experience mentoring, coaching, and developing team members to achieve operational goals.

Responsibilities

  • Leading the identification, investigation, and analysis of cybersecurity threat intelligence from a variety of open-source and Classified sources.
  • Responsible for writing analytical products, developing regular, timely briefs, and helping other analysts in their production as well, for a variety of customers.
  • Leads long-term analytical and investigative projects related to cybersecurity prevention, protection, mitigation, response and recovery activities.
  • Delivers briefings (including Classified) on ongoing cybersecurity threats to internal and external audiences, including helping to prepare Classified briefings for leadership and Fusion Center partners.
  • Develops and maintains information sharing channels throughout the State and with other partners, and maintains security protocols of those channels.
  • Formulates and individualizes analytical processes to evaluate complex, multi-sector datasets where no precedent exists.
  • Applies advanced professional judgment to develop methodologies that identify cascading effects, threat interdependencies, and resilience gaps.
  • Provides authoritative consultation to division and department management on analytic policy, data-governance standards, and enterprise-system integration strategies.
  • Produces finished intelligence products, vulnerability analyses, and technical assessments accepted on technical merit as the basis for agency program and policy decisions.
  • Performs more complex activities and tasks as they relate to the Cyber Whole of State Program.
  • Oversees the technical integration of WoSCI capabilities and datasets into DHSEM’s ArcGIS Enterprise.
  • Works closely with the WOS Infrastructure Protection Lead Analyst, Cyber Analysts and Supervisor as well as the GIS Analysts on Whole of State Initiatives and Management of the Enterprise.
  • Display a high degree of independent initiative, discretion, and sound judgment, as well as the ability to integrate organizational priorities, meet deadlines, and deliver results.
  • Makes informed decisions that uphold CIAC goals and risk management protocols, while proactively supporting leadership in executing strategic initiatives and maximizing team efficiency.
  • Develop and maintain robust partnerships with Colorado’s SLTT community, federal partners, and critical infrastructure/private sector partners to expand information sharing outreach.
  • Share best practices within and between key sectors and communities to advance Colorado’s overall cybersecurity posture.
  • Coordinate and lead tabletop exercises (TTXs) and trainings for internal and external partners across Colorado and with other state partners to support greater information sharing and threat readiness.
  • Provide technical assistance across a variety of fronts including the development of incident response plans, business continuity planning, cyber assessments and cyber program maturing to the nine all-hazards regions.
  • Identifies new partner and outreach opportunities for the Cyber Unit; supports ongoing information campaigns around the Colorado Whole of State Program and its offerings.
  • Understands the full scope of a fusion center so as to support the private sector, local, state, tribal, and federal partners of the CIAC to assist the Center in meeting the Center's mission.
  • Utilizing professional judgement and advanced analytical skills, this position will communicate with leadership and potentially partners on the research methodology employed and the analytic observations of information assessed.
  • Set up databases to ensure proper analysis can occur to achieve the desired outcome using known analytical techniques, professional judgement, and resourcefulness to develop the correct approach for each project.
  • Assist with incident response handling (not to include recovery) in coordination with OIT, the Colorado National Guard, MS-ISAC, and federal partners, focusing on containment and analysis.
  • Help guide the containment of the threat.
  • Collect and analyze evidence related to a threat or attack, and work to share out lessons learned and best practices from the incident to strengthen other potential targets.
  • Develops and coordinates broader cyber incident response support across Colorado.
  • Leverages existing Threat Liaison Officer (TLO) network to enhance cyber preparedness and incident response support throughout the state.
  • Serve as a member of the CIAC leadership team by reviewing and approving products prior to dissemination.
  • Possess excellent communication and interpersonal skills, demonstrating tact and diplomacy to consistently interact effectively and with flexibility with diverse groups of people.
  • Submits necessary reports that are complete, accurate, appropriate and timely.
  • Collects factual information in order to facilitate the appropriate response from customers.
  • When receiving a complaint, investigate and address issues necessary for dissemination to proper authority for timely disposition of complaint.
  • Assists law enforcement and criminal justice agencies.
  • Performs other duties as assigned.
  • Responsible for protecting privacy, civil rights and civil liberties pursuant to law or policy.
  • Supports Fusion Center operations during critical, human-caused cyber-related events.
  • Supports the activation of the State Emergency Operations Center (SEOC) during exercises or actual events in accordance with NIMS/ICS guidelines.
  • Performs duties as assigned within the CIAC, under the immediate direction of the CIAC Cyber Security/Critical Infrastructure Whole of State Program Supervisor and SEOC Manager.
  • Coordinates with emergency support function #2, Communications, to support response efforts following a major disaster, emergency, or extraordinary situation.
  • As part of the SEOC, advises on technical issues related to the procurement of skilled technical personnel and equipment from the private sector to support resource requests.
  • Performs other duties as assigned in the SEOC.

Benefits

  • Medical and dental options are available for permanent employees and their dependents.
  • Short and long-term disability coverage
  • Life insurance that includes legal resources and discounts.
  • Basic Life and AD&D insurance equal to their annual earnings subject to a minimum benefit of $50,000 and a maximum of $250,000.
  • Basic Life and AD&D are provided by the State of Colorado at no cost to employees.
  • The State of Colorado's Wellness Program, State of Health, is a no-cost, year-long program that supports an employee’s health and wellness goals.
  • Personalized health coaching, skill groups and more.
  • Participants can earn a $20 per month health insurance premium discount.
  • Through BenefitHub, State of Colorado employees have access to discounts, promotions and special programs from hundreds of retailers, restaurants, travel and entertainment venues throughout Colorado and across the country.
  • State contribution into a Health Savings Account when enrolled in a High Deductible Health Plan.
  • Eligible employees have access to medical leave under the Family Medical Leave Act (FMLA) and the State of Colorado Family and Medical Leave Insurance Program (FAMLI).
  • Eligibility for hybrid or other flexible work arrangements based on the nature of the role.
  • Excellent retirement benefits including mandatory PERA Defined Benefit Plan or PERA Defined Contribution Plan, plus optional 401K and 457 plans.
  • Generous time off including 11 paid holidays annually and accrued annual and sick leave and four annual wellness days.
  • The Employee Assistance Program (C-SEAP) is available in every region of the state.
  • Tuition reimbursement and reduced college tuition at CSU Global and DeVry University.
  • Credit Union of Colorado membership eligibility.