Cyber Threat Intelligence Analyst

Arizona Department of Administration | Phoenix, AZ
$75,000 - $95,000 | Hybrid

About The Position

The Cyber Threat Intelligence Analyst (CTIA) will report to the Statewide Security Operations Manager, will be the focal point for intake of cyber threat intelligence (CTI) from all partners and sources, and will lead the production of intelligence products shared internally within the State of Arizona and with public-private partners. During cyber incidents, the CTIA’s primary alignment is handling CTI for the incident, though the CTIA will sometimes play a hybrid role, working as a Senior Analyst and Incident Responder to investigate initial compromise, lateral movement, and persistence of threat actors in a system or network. Between incidents, the CTIA will maintain the flow of intelligence feeds into and out of Agency tools, create intelligence reports and products, and deliver intelligence products to audiences as needed. The CTIA will use Agency tools to create intel-related workflows, playbooks, and dashboards.

In addition to their technical focus, the CTIA will support AZDOHS objectives by cultivating and enhancing relationships with public and private partners that rely on and are key sharers of threat intelligence, including State and Federal Law Enforcement partners, centered around the Arizona Counter Terrorism Information Center (ACTIC), and public-private partnerships with the AZ-ISAC community hosted in the AZDOHS Slack Workspace. The role requires a frequent physical presence in the ACTIC and constant nurturing of the AZ-ISAC online community. The CTIA will help administer and develop the AZ-ISAC Workspace, including its channels, workflows, users, and the positive experience of the overall community. The CTIA will take a lead role in planning, preparing, and implementing emergency “surge” intelligence-gathering operations that leverage both normal and Open Source Intelligence (OSINT) channels for both cyber and physical intelligence in response to emergencies and major events within Arizona.

The CTIA must have, or be able to acquire and maintain, a Federal security clearance and will be exposed to classified and sensitive material with narrow distribution rules from all levels of government and private partners. The CTIA will respect, uphold, and assure the information handling laws, requests, and guidelines of public and private partners. The CTIA will create executive reports positioned for agency leadership, executive, and legislative audiences. These reports and dashboards will describe cyber activity in the State of Arizona across public and private organizations, such as geographical and virtual cyber threat intelligence assessments and threat actor activity.

Requirements

  • A strong working knowledge and understanding of computer science in all its disciplines, including Networking, Servers, Workstations, Cloud, Identity, and AI
  • A broad knowledge of Threat Actors and their Tactics, Techniques, and Procedures (TTPs) and the MITRE ATT&CK framework
  • Direct knowledge and experience working in a SOC environment supporting alerts and incidents
  • Knowledge of Cyber Threat Intelligence standard practices, tools, and processes
  • Knowledge of and familiarity with Law Enforcement culture and communities
  • Executive communication skills to support making presentations and explaining complex technical topics to non-technical audiences
  • Literary skills for technical and non-technical audiences and visual data skills for the presentation of information
  • Skills in community leadership and management
  • Skills in Digital Forensics and Incident Response
  • Analytical and problem resolution skills
  • Good organizational skills
  • Ability to nurture and grow virtual communities (AZ-ISAC), finding ways to promote the value of the program
  • Ability to regularly work out of the ACTIC Fusion center to develop face-to-face relationships with them
  • Able to map Threat Actor behavior to the MITRE ATT&CK framework
  • Ability to coordinate Cyber Threat Intelligence during a cyber incident
  • Ability to communicate technical topics to non-technical audiences
  • Ability to analyze and resolve cyber incidents
  • Bachelor’s degree plus 3 or more years of experience in information security analysis (or equivalent experience)
  • Active Secret Level Clearance or ability to obtain one upon hire
  • Required to drive on State business; must possess a valid Arizona driver's license

Nice To Haves

  • Bachelor's degree in computer science or cyber security
  • Active Secret Clearance

Responsibilities

  • Produce and present dashboards, reports, and presentations for consumption by internal and external working and executive partners and organizations
  • Assure CTI and community tools are functioning properly to support CTI sharing and constantly improve upon systems to be more effective and automated
  • Lead and curate the AZ-ISAC online CTI sharing community through maintenance and improvement of the Slack Workspace
  • Cultivate and maintain CTI sharing relationships with State and Federal Law Enforcement partners
  • Lead Cyber Threat Intelligence development and tracking during Cyber Security incidents
  • Prepare for and execute on emergency intelligence “surge” operations
  • Other duties as assigned as related to the position

Benefits

  • Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance
  • Life insurance and long-term disability insurance
  • Vacation with 10 paid holidays per year
  • Health and dental insurance
  • Retirement plan
  • Sick leave
  • Paid Parental Leave program
  • Positions in this classification participate in the Arizona State Retirement System (ASRS)