The Cyber Threat Intelligence Analyst (CTIA) will report to the Statewide Security Operations Manager, will be the focal point for intake of cyber threat intelligence (CTI) from all partners and sources, and will lead the production of intelligence products shared internally within the State of Arizona and public private partners. During cyber incidents, the CTIA’s primary alignment is in handling CTI for the incident, though will sometimes play a hybrid role investigating initial compromise, lateral movement, and persistence of threat actors in a system or network working as a Senior analyst and Incident Responder. Between incidents, the CTIA will maintain the flow of intelligence feeds into and out of Agency tools, create intelligence reports and products, and deliver intelligence products to audiences as needed. The CTIA will use Agency tools to create intel related workflows, playbooks, and dashboards. In addition to their technical focus, The CTIA will support AZDOHS objectives by cultivating and enhancing relationships with public and private partners that rely on and are key to sharers of threat intelligence to include; State and Federal Law Enforcement partners, centered around the Arizona Counter Terrorism Information Center (ACTIC) and Public private partnerships with the AZ-ISAC community hosted in the AZDOHS Slack Workspace. The role requires a frequent physical presence in the ACTIC and constant nurturing of the AZ-ISAC on-line community. The CTIA will help administer and develop the AZ-ISAC Workspace including its channels, workflows, users, and the positive experience of the overall community. The CTIA will take a lead role in planning, preparing and implementing emergency “surge” intelligence gathering operations that leverage both normal and Open Source Intelligence (OSSI) channels for both cyber and physical intelligence in response to emergencies and major events within Arizona. The CTIA must have, or be able to acquire and maintain, a Federal security clearance and will be exposed to classified and sensitive material with narrow distribution rules from all levels of government and private partners. The CTIA will respect, uphold, and assure information handling law, requests, and guidelines of Public & Private partners. The CTIA will create executive reports positioned for agency leadership, executive, and legislative audiences. These reports and dashboards will describe cyber activity in the State of Arizona across public and private organizations such as geographical and virtual cyber threat intelligence assessments and threat actor activity.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior