Cyber Security Lead Analyst (Whole of State)
Role details
Job location
Tech stack
Job description
The All Threats Intelligence Unit is responsible for the collection, analysis and dissemination of all threat information for the purpose of information sharing on criminal activities and terrorism-related threats affecting Colorado. The Center collaborates with private sector, local, tribal and federal partners to support, prevent, and protect Colorado and its citizens. The infrastructure protection and cyber-security programs promote greater resiliency of government, non-government, and private-sector facilities, systems, assets, and employees through an array of prevention, protection, mitigation, response and recovery strategies designed to deter, delay, detect and defend against human threats and technological hazards, while reducing the impact of natural hazards. The programs also provide a range of technical assistance to enhance their security posture and preparedness against all-hazards. Through the development and maintaining of public-private partnerships and ongoing support of state government agencies, the program aims to expand information sharing opportunities, enhance data collection and threat reporting to produce actionable intelligence, provide training and awareness, and adopt a layered, defense-in-depth strategy to assure the resiliency of Colorado communities and Colorado state government infrastructure. Under the CIAC's Infrastructure Protection program, The Whole of State initiative for critical infrastructure allows the State of Colorado to actively maintain an inventory of critical infrastructure nodes and facilities in the state, and maintain a database of this inventory that is utilized by numerous emergency management officials during significant emergency events. Cybersecurity analysts support Colorado's Whole of State cybersecurity effort to make Colorado the most resilient state against cyber-attacks across several areas of focus. Specifically, the Cyber Team works to identify and investigate emergency threats and vulnerabilities to the SLTT, critical infrastructure and private sector communities; provides timely, accurate, and actionable information; supports the sharing of best practices within and between sectors with regards to enhancing cyber protections; and offers technical assistance and coordination support specific to cyber assessment support, incident response support, and cyber program maturity growth.
Work Environment
-
Monday through Friday between core hours of 7:00 a.m. to 5:00 p.m.
-
A hybrid work model is utilized, requiring in-office attendance a minimum of three (3) days per week.
About the Job
This critical position is responsible for providing high-level cyber intelligence, data analytics, and programmatic support to the Colorado Bureau of Investigation (CBI) Cyber-Security Unit; the Colorado Information Analysis Center (CIAC); various infrastructure sectors including energy, water & wastewater, communications, and information technology; and other key stakeholders. The position establishes intelligence collection and production requirements related to cyber-security prevention, protection, and mitigation, and provides real-time response capability during significant cyber-security events. The position assists with recovery efforts to promote rapid restoration of systems and networks. The position requires writing a variety of analytical products that enhance education and awareness and provide decision support to DHSEM leadership and other key stakeholders.
The Lead Analyst will play a pivotal role in supporting the development of Colorado's Whole of State Cybersecurity Program, dedicated to empowering Colorado's communities to become the most resilient state in the U.S. against cyber threats.
As part of the Whole of State's Cybersecurity Unit, the Analyst will be responsible for providing actionable information with federal, SLTT, critical infrastructure and community partners, and technical assistance support and coordination.
As a Lead Analyst and Work Lead, this staff member must demonstrate strong leadership and must serve as a role model, coordinate and communicate with supervisors, and maintain the highest level of professional expertise. This position plans, organizes, and directs overall workplace functions, coordinating time and multiple schedules for maximum staff coverage and efficiency of operation.
Key Responsibilities
Whole of State Cyber Security Lead
-
Leading the identification, investigation, and analysis of cybersecurity threat intelligence from a variety of open-source and Classified sources.
-
Responsible for writing analytical products, developing regular, timely briefs, and helping other analysts in their production as well, for a variety of customers.
-
Leads long-term analytical and investigative projects related to cybersecurity prevention, protection, mitigation, response and recovery activities.
-
Delivers briefings (including Classified) on ongoing cybersecurity threats to internal and external audiences, including helping to prepare Classified briefings for leadership and Fusion Center partners.
-
Develops and maintains information sharing channels throughout the State and with other partners, and maintains security protocols of those channels.
-
Formulates and individualizes analytical processes to evaluate complex, multi-sector datasets where no precedent exists. Applies advanced professional judgment to develop methodologies that identify cascading effects, threat interdependencies, and resilience gaps.
-
Provides authoritative consultation to division and department management on analytic policy, data-governance standards, and enterprise-system integration strategies. Produces finished intelligence products, vulnerability analyses, and technical assessments accepted on technical merit as the basis for agency program and policy decisions.
-
This position performs more complex activities and tasks as they relate to the Cyber Whole of State Program.
-
Oversees the technical integration of WoSCI capabilities and datasets into DHSEM's ArcGIS Enterprise.
-
Works closely with the WOS Infrastructure Protection Lead Analyst, Cyber Analysts and Supervisor as well as the GIS Analysts on Whole of State Initiatives and Management of the Enterprise.
-
Display a high degree of independent initiative, discretion, and sound judgment, as well as the ability to integrate organizational priorities, meeting deadlines and deliver results.
-
Makes informed decisions that uphold CIAC goals and risk management protocols, while proactively supporting leadership in executing strategic initiatives and maximizing team efficiency.
Cyber Outreach and Support
-
Develop and maintain robust partnerships with Colorado's SLTT community, federal partners, and critical infrastructure/private sector partners to expand information sharing outreach.
-
Share best practices within and between key sectors and communities to advance Colorado's overall cybersecurity posture.
-
Coordinate and lead tabletop exercises (TTXs) and trainings for internal and external partners across Colorado and with other state partners to support greater information sharing and threat readiness.
-
Provide technical assistance across a variety of fronts including the development of incident response plans, business continuity planning, cyber assessments and cyber program maturing to the nine all-hazards regions.
-
Identifies new partner and outreach opportunities for the Cyber Unit; supports ongoing information campaigns around the Colorado Whole of State Program and its offerings.
-
This position understands the full scope of a fusion center so as to support the private sector, local, state, tribal, and federal partners of the CIAC to assist the Center in meeting the Center's mission.
-
Utilizing professional judgement and advanced analytical skills, this position will communicate with leadership and potentially partners on the research methodology employed and the analytic observations of information assessed.
-
Set up databases to ensure proper analysis can occur to achieve the desired outcome using known analytical techniques, professional judgement, and resourcefulness to develop the correct approach for each project.
Cyber Incident Response Support
-
Assist with incident response handling (not to include recovery) in coordination with OIT, the Colorado National Guard, MS-ISAC, and federal partners, focusing on containment and analysis.
-
Help guide the containment of the threat.
-
Collect and analyze evidence related to a threat or attack, and work to share out lessons learned and best practices from the incident to strengthen other potential targets.
-
Develops and coordinates broader cyber incident response support across Colorado.
-
Leverages existing Threat Liaison Officer (TLO) network to enhance cyber preparedness and incident response support throughout the state.
-
Serve as a member of the CIAC leadership team by reviewing and approving products prior to dissemination.
-
Possess excellent communication and interpersonal skills, demonstrating tact and diplomacy to consistently interact effectively and with flexibility with diverse groups of people.
-
Submits necessary reports that are complete, accurate, appropriate and timely.
-
Collects factual information in order to facilitate the appropriate response from customers.
-
When receiving a complaint, investigate and address issues necessary for dissemination to proper authority for timely disposition of complaint.
-
Assists law enforcement and criminal justice agencies.
-
Performs other duties as assigned.
State Emergency Operations Center Support/Other Duties as Assigned
-
Responsible for protecting privacy, civil rights and civil liberties pursuant to law or policy.
-
Supports Fusion Center operations during critical, human-caused cyber-related events.
-
Supports the activation of the State Emergency Operations Center (SEOC) during exercises or actual events in accordance with NIMS/ICS guidelines.
-
Performs duties as assigned within the CIAC, under the immediate direction of the CIAC Cyber Security/Critical Infrastructure Whole of State Program Supervisor and SEOC Manager.
-
Coordinates with emergency support function #2, Communications, to support response efforts following a major disaster, emergency, or extraordinary situation. As part of SEOC advise on technical issues related to the procurement of skilled technical personnel and equipment from the private sector to support resource requests.
-
Performs other duties as assigned in the SEOC.
Requirements
Note, to be considered for this position, you must meet one of the following options for consideration.
Proven Experience, Knowledge, Skills
Seven (7) years of demonstrated full-time professional experience in cybersecurity or information technology.
OR Education and Experience, Knowledge, Skills
Bachelor's degree from an accredited institution in or a closely related field and three ( 3 ) years demonstrated professional experience in c ybersecurity or information technology. OR Master's degree from an accredited institution in or a closely related field and one( 1 ) years demonstrated professional experience in c ybersecurity, or information technology. Experience must include the following:
-
Intelligence Analysis and Synthesis: Ability to collect, analyze, and synthesize complex cyber threat data from diverse sources (OSINT, classified, technical) into clear, actionable intelligence products.
-
Information Sharing and Outreach: Ability to build and maintain relationships with diverse stakeholders, including state/local/tribal/territorial (SLTT) partners, federal agencies, and the private sector, to foster a collaborative information-sharing environment.
-
Incident Response Acumen: Foundational knowledge of cyber incident response principles, including containment, evidence collection, analysis, and coordination with technical teams.
-
Communication and Briefing Skills: Superior written and verbal communication skills, with the capacity to deliver high-stakes, professional, and often Classified briefings to both technical and executive-level audiences.
-
Programmatic Support: Experience in supporting or managing elements of a large-scale cybersecurity program, including developing program maturity, conducting assessments, and organizing training/exercises (TTXs).
-
NIMS/ICS Familiarity: Working knowledge of the National Incident Management System (NIMS) and Incident Command System (ICS) for supporting State Emergency Operations Center (SEOC) functions during critical events.
-
Ethics and Compliance: Deep commitment to protecting privacy, civil rights, and civil liberties while performing intelligence duties.
Preferred Qualifications
-
Cybersecurity Certifications (Comp TIA Security+, ITIL, Network+, CEH, CISSP, SANS GCIH, or equivalent)
-
Experience working with cybersecurity issues in the State, Local, Tribal sector or critical infrastructure sectors
-
Experience applying threat modeling frameworks or methodologies
-
Experience with foundational understanding of cloud computing security principles
-
Strong, technical understanding of the threat scape and associated prevention, protection, mitigation, response and recovery activities.
-
Understanding of industry-recognized threat- security tools and techniques for network defense, forensics, penetration testing, and threat mitigation.
-
Excellent oral and written communications skills.
-
Knowledge of critical infrastructure protection policy and related critical infrastructure protection concepts, principles, and practices.
-
Documented skill set with spoken and written communications and presentation graphics.
-
Skills in the use of ArcGIS Pro and Python with basic understanding of Data cleaning processes.
-
Experience aligning team-level objectives with overarching organizational strategy.
-
Experience mentoring, coaching, and developing team members to achieve operational goals.
Conditions of Employment
-
Requires successful completion of a background investigation that includes a polygraph exam, a fingerprint based criminal history search, reference check .
-
Must be a Colorado resident at the time of application
-
Must obtain and maintain a SECRET security clearance issued by the Department of Homeland Security (DHS) within 9 (nine) months of hire
-
Must be certified to administer, view and share Protected Critical Infrastructure Information (PCII) within six (6) months of hire.
-
On-call- must be able to respond to emerging incidents with little to no warning and which may occur outside normal business hours.
Benefits & conditions
- Questions
Department Information
This position is open only to current Colorado state residents.
A n eligible list established with this recruitment may be used to fill other similar positions within the Colorado Department of Public Safety in the next 12 months.
Our Mission - Engaged employees working together to safeguard lives and to provide diverse public safety services to local communities.
Our Vision - Creating safer and more resilient communities across Colorado.
Our Core Values - Unity, Honor, Service
The State of Colorado strives to create a Colorado for All by building and maintaining workplaces that value and respect all Coloradans through a commitment to equal opportunity and hiring based on merit and fitness.
The State is dedicated to non-discriminatory practices in everything we do, including hiring, employment, and advancement opportunities.
At CDPS, our culture is driven by our commitment to creating a safer Colorado and guided by a public service focus. We strive to provide effective solutions and services to our fellow Coloradans. We model a culture of collaboration, innovation, and growth for our employees. We maintain a professional and inclusive workplace.
Careers with a purpose:
If you are passionate about public safety and public service, and are eager to dedicate your career to serving Coloradans, consider joining CDPS. Our team at CDPS consists of exceptional individuals and is an environment where you can challenge yourself and acquire new capabilities to build a rewarding and fulfilling career.
We are committed to providing public safety services to our communities including safety on our roads, preparing for and mitigating environmental disasters such as floods and wildland fires, disaster recovery, combating crime, promoting school safety, and victim services.
Classification and Salary: Analyst IV (https://dhr.colorado.gov/state-hr-professionals/job-classifications/class-description-and-minimum-qualifications-for-h1c) Anticipated Hiring Range: $6,022 - $7,500/month; $72,264 - $90,000/yearFull Salary Range: $6,022 - $9,636/month; $72,264 - $115,632/year Benefits:
We provide a wide range of benefits to our employees.
-
Medical and dental options are available for permanent employees and their dependents. We also offer short and long-term disability coverage, and life insurance that includes legal resources and discounts.
-
Eligible employees receive Basic Life and AD&D insurance equal to their annual earnings subject to a minimum benefit of $50,000 and a maximum of $250,000. Basic Life and AD&D are provided by the State of Colorado at no cost to employees.
-
The State of Colorado's Wellness Program, State of Health, is a no-cost, year-long program that supports an employee's health and wellness goals. This program offers personalized health coaching, skill groups and more. Participants can earn a $20 per month health insurance premium discount.
-
Through BenefitHub, State of Colorado employees have access to discounts, promotions and special programs from hundreds of retailers, restaurants, travel and entertainment venues throughout Colorado and across the country.
-
State contribution into a Health Savings Account when enrolled in a High Deductible Health Plan.
-
Eligible employees have access to medical leave under the Family Medical Leave Act (FMLA) (https://dhr.colorado.gov/state-employees/time-off-leave/family-medical-leave-act-fmla) and the State of Colorado Family and Medical Leave Insurance Program (FAMLI) (https://famli.colorado.gov/) .
-
Eligibility for hybrid or other flexible work arrangements based on the nature of the role.
-
We offer excellent retirement benefits including mandatory PERA Defined Benefit Plan or PERA Defined Contribution Plan, plus optional 401K and 457 plans. For information on mandatory employee salary deferral (in lieu of contribution to Social Security), visit Colorado PERA (https://www.copera.org/member-contribution-rates) for details.
-
We provide generous time off including 11 paid holidays annually and accrued annual and sick leave (https://dhr.colorado.gov/state-employees/time-off-leave) and four annual wellness days.
-
The Employee Assistance Program (C-SEAP) is available in every region of the state. It is our effort to support the well-being of employees and the workplace. EAPs provide short-term counseling, referrals and resources, as well as training and organizational development services.
-
Tuition reimbursement and reduced college tuition at CSU Global and DeVry University.