Cyber Threat Intelligence Analyst

  • 542052
  • PHOENIX
  • REMOTE OPTIONS
  • DEPT OF HOMELAND SECURITY
  • Full-time
  • Closing at: Jul 17 2026 - 23:55 MST

ARIZONA DEPARTMENT OF HOMELAND SECURITY

Cyber Threat Intelligence Analyst

*This is a hybrid position with in-office attendance required*

Job Location:

16212 North 28th Avenue

Phoenix, Arizona 85053

Posting Details:

Annual Salary Range: $75,000 - $95,000

Grade: 24

This position will close on Friday, July 17, 2026

Job Summary:

The Cyber Threat Intelligence Analyst (CTIA) will report to the Statewide Security Operations Manager, will be the focal point for intake of cyber threat intelligence (CTI) from all partners and sources, and will lead the production of intelligence products shared internally within the State of Arizona and with public-private partners.

During cyber incidents, the CTIA's primary alignment is in handling CTI for the incident, though the CTIA will sometimes play a hybrid role investigating initial compromise, lateral movement, and persistence of threat actors in a system or network, working as a Senior Analyst and Incident Responder.

Between incidents, the CTIA will maintain the flow of intelligence feeds into and out of Agency tools, create intelligence reports and products, and deliver intelligence products to audiences as needed. The CTIA will use Agency tools to create intel-related workflows, playbooks, and dashboards.

In addition to their technical focus, the CTIA will support AZDOHS objectives by cultivating and enhancing relationships with public and private partners that rely on, and are key sharers of, threat intelligence, including State and Federal Law Enforcement partners centered around the Arizona Counter Terrorism Information Center (ACTIC) and public-private partnerships with the AZ-ISAC community hosted in the AZDOHS Slack Workspace.

The role requires a frequent physical presence in the ACTIC and constant nurturing of the AZ-ISAC online community. The CTIA will help administer and develop the AZ-ISAC Workspace, including its channels, workflows, users, and the positive experience of the overall community.

The CTIA will take a lead role in planning, preparing and implementing emergency “surge” intelligence gathering operations that leverage both normal and Open Source Intelligence (OSINT) channels for both cyber and physical intelligence in response to emergencies and major events within Arizona.

The CTIA must have, or be able to acquire and maintain, a Federal security clearance and will be exposed to classified and sensitive material with narrow distribution rules from all levels of government and private partners. The CTIA will respect, uphold, and assure information handling law, requests, and guidelines of Public & Private partners.

The CTIA will create executive reports positioned for agency leadership, executive, and legislative audiences. These reports and dashboards will describe cyber activity in the State of Arizona across public and private organizations such as geographical and virtual cyber threat intelligence assessments and threat actor activity.

Job Duties:

• Produce and present dashboards, reports, and presentations for consumption of internal and external working and executive partners and organizations

• Assure CTI and community tools are functioning properly to support CTI sharing and constantly improve upon systems to be more effective and automated

• Lead and curate the AZ-ISAC online CTI sharing community through maintenance and improvement of the Slack Workspace

• Cultivate and maintain CTI sharing relationships with State and Federal Law Enforcement partners

• Lead Cyber Threat Intelligence development and tracking during Cyber Security incidents

• Prepare for and execute on emergency intelligence “surge” operations

• Other duties as assigned as related to the position

Knowledge, Skills & Abilities (KSAs):

Knowledge:

• A strong working knowledge and understanding of computer science in all its disciplines, including Networking, Servers, Workstations, Cloud, Identity, and AI

• A broad knowledge of Threat Actors and their Tactics, Techniques, and Procedures (TTPs) and the MITRE ATT&CK framework

• Direct knowledge and experience working in a SOC environment supporting alerts and incidents

• Knowledge of Cyber Threat Intelligence standard practices, tools, and processes

• Knowledge of and familiarity with Law Enforcement culture and communities

Skills:

• Executive communication skills to support making presentations and explaining complex technical topics to non-technical audiences

• Literary skills for technical and non-technical audiences and visual data skills for the presentation of information

• Skills in community leadership and management

• Skills in Digital Forensics and Incident Response

• Analytical and problem resolution skills

• Good organizational skills

Ability:

• Ability to nurture and grow virtual communities (AZ-ISAC) finding ways to promote the value of the program

• Ability to regularly work out of the ACTIC Fusion center to develop face-to-face relationships with them

• Able to map Threat Actor behavior to the MITRE ATT&CK framework

• Ability to coordinate Cyber Threat Intelligence during a cyber incident

• Ability to communicate technical topics to non-technical audiences

• Ability to analyze and resolve cyber incidents

Selective Preference(s):

Required:

• Bachelor’s degree plus 3 or more years of experience in information security analysis (or equivalent experience)

• Active Secret Level Clearance or ability to obtain one upon hire

Preferred:

• Bachelor's degree in computer science or cyber security

• Active Secret Clearance

Pre-Employment Requirements:

• Required to drive on State business; must possess a valid Arizona driver's license

If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business, then the following requirements apply: Driver’s License Requirements.

Benefits:

The State of Arizona offers a comprehensive benefits package to include:

• Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance

• Life insurance and long-term disability insurance

• Vacation with 10 paid holidays per year

• Health and dental insurance

• Retirement plan

• Sick leave

Learn more about the Paid Parental Leave program here. For a complete list of benefits provided by The State of Arizona, please visit our benefits page

Retirement:

• Positions in this classification participate in the Arizona State Retirement System (ASRS)

• Please note that enrollment eligibility will become effective after 27 weeks of employment

Contact Us:

• If you have any questions please feel free to contact us at AZDOHSHR@azdohs.gov for assistance

ARIZONA MANAGEMENT SYSTEM (AMS)

All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results. State employees are highly engaged, collaborative and embrace a culture of public service.

The State of Arizona is an Equal Opportunity/Reasonable Accommodation Employer.
