Cyber Threat Intelligence Analyst Jobs in California
Cyber Threat Intelligence Analyst jobs in California are among the most active in the country, concentrated in defense contracting, financial services, technology, and critical infrastructure sectors, with openings at every level from junior analyst to senior threat hunter. The heaviest hiring is in the San Francisco Bay Area, Los Angeles, and San Diego, where employers like Northrop Grumman, Wells Fargo, and Palo Alto Networks maintain large security operations. The most in-demand specializations are nation-state threat tracking, malware reverse engineering, and financial sector threat intelligence. Scan the live roles below and apply to whichever ones fit.
Find JobsOverview
Showing 5 of 29+ Cyber Threat Intelligence Analyst jobs











INTRODUCTION
Envoy protects the places the world relies on most by unifying people, spaces, and communications in one secure, integrated workplace management platform and ecosystem. More than 16,000 workplaces around the world trust Envoy to run secure, compliant, and connected operations across every location. From manufacturing sites and data centers to life sciences labs, healthcare facilities, and corporate headquarters, Envoy unifies visitor management, risk assessment, mailroom management, digital signage software, resource booking, and emergency management into one integrated platform. With deep integrations across access control, identity, compliance screening, and collaboration tools—including LenelS2, Brivo, Genetec, Honeywell, Cisco Meraki, Okta, Microsoft Azure, Microsoft Teams, Slack, ServiceNow, DocuSign, Avigilon Alta, and Descartes Visual Compliance—Envoy helps organizations reduce risk, stay audit-ready, and operate with clarity at scale. This is an L5 opportunity. Successful candidates typically come from staff or principal-level roles and are recognized for establishing technical direction, leading large-scale initiatives, and shaping engineering strategy across organizations.
ABOUT THE ROLE
We are building a proactive, engineering-led security function focused on threat detection, visibility, and automation. We are looking for a Staff Security Engineer to own and evolve our Security Operations and Threat Detection capabilities. This role is responsible for defining how we detect, monitor, and respond to threats across our infrastructure, applications, and endpoints. Today, much of our security posture is reactive. This role will lead the shift toward a system where detection is reliable, measurable, and engineered, not improvised. You will work across Infrastructure, Platform, and Workplace teams to ensure we have full visibility into our environment and can confidently answer: “If we had a security incident, how quickly would we know?” This on-site position requires 4 days a week (Monday through Thursday) in our San Francisco HQ office.
YOU WILL
- Own the design and evolution of our threat detection and security operations capability
- Define detection strategy across cloud infrastructure, applications, and endpoints
- Establish and improve our SIEM and monitoring architecture, including signal quality, coverage, and scalability
- Design and implement detection-as-code practices, setting standards for how detection logic is built, tested, and maintained
- Drive visibility across all critical assets, ensuring endpoints, services, and identities are consistently monitored
- Take ownership of endpoint security monitoring (e.g., SentinelOne), including integration into centralized detection workflows
- Lead the design and rollout of automated security controls, including secrets rotation for high-risk systems
- Define alerting strategy, including severity models, escalation paths, and on-call expectations
- Lead investigations into complex or ambiguous security signals, setting the standard for root cause analysis and response
- Partner with engineering teams to improve instrumentation and ensure systems emit high-quality security signals
- Define and track key metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and drive measurable improvements
- Mentor and guide other engineers, raising the overall capability of the team in detection and security operations
BASIC QUALIFICATIONS
- 6+ years of experience in Security Engineering, SRE, or Infrastructure Engineering with a strong security focus
- Proven experience designing or significantly improving security monitoring, detection, or SIEM systems
- Strong understanding of cloud environments (ideally AWS), including IAM, networking, and logging at scale
- Experience working with endpoint detection and response tools such as SentinelOne or similar
- Deep experience working with logs, events, and telemetry to build meaningful, high-signal detections
- Strong programming or scripting skills (Python, Go, or similar), with a focus on automation and system design
- A strong understanding of attacker behavior and the ability to translate threats into detection strategies
- Experience defining alerting models and reducing noise while maintaining strong coverage
- Ability to operate in ambiguous environments and define structure where none exists
- Strong cross-functional communication skills, with the ability to influence engineering and leadership
- A pragmatic, outcome-oriented mindset focused on reducing real risk and improving operational effectiveness
By applying for this position, you acknowledge that you have fully read and understand the job requirements and received the Envoy Privacy Notice for applicants, which is linked here. Completing this application requires you to provide personal data, such as your name and contact information, which is mandatory for Envoy to process your application. Envoy is an EEO Employer and does not discriminate on the basis of any characteristic protected by local, state or federal law.
COMPENSATION RANGE
- Compensation Range: $265K - $310K
See All 29 Cyber Threat Intelligence Analyst Jobs in California
Find roles in California that match your experience and apply in just a few clicks.
Find JobsCyber Threat Intelligence Analyst Jobs by City in California
Where California roles are concentrated, by current openings.
Cyber Threat Intelligence Analyst Job Market in California
A snapshot from current California openings, updated as new roles post.
Who's Hiring



Top Industries Hiring
- Technology & Software11
- Consulting & Professional Services2
- Cybersecurity1
- Manufacturing1
- Science & Research1
What California Employers Look For
The qualifications that appear most often in cyber threat intelligence analyst jobs across California.
- Bachelor's degree in cybersecurity, computer science, or a related technical field
- Relevant certification such as GCTI, CEH, or CISSP strongly preferred by California employers
- Hands-on experience with threat intelligence platforms such as Recorded Future or MISP
- Proficiency in MITRE ATT&CK framework and applying it to real adversary behavior analysis
- Experience producing written intelligence products for technical and executive audiences
- Familiarity with scripting languages such as Python for automating indicator enrichment workflows
Cyber Threat Intelligence Analyst Jobs in California: Frequently Asked Questions
How do you become a cyber threat intelligence analyst in California?
California has no state-issued license for this role, so the path runs through education and industry credentials. Most California employers expect at least a bachelor's degree in cybersecurity, computer science, or information systems, combined with a recognized certification such as the GIAC Cyber Threat Intelligence certification or a CompTIA Security+. Prior experience in a security operations center, incident response, or network defense role is the most common bridge into a dedicated intelligence analyst position.
Which companies hire cyber threat intelligence analysts in California?
Employers hiring cyber threat intelligence analysts in California right now include Booz Allen Hamilton, Illumio, and PlayStation, based on current listings on Migrate Mate as of July 2026. California's concentration of defense contractors, major financial institutions, and global technology headquarters makes it one of the deepest markets in the country for this specialty.
Which California cities have the most cyber threat intelligence analyst jobs?
The cities with the most cyber threat intelligence analyst openings in California are Sunnyvale, San Francisco, and San Diego. The Bay Area and Los Angeles dominate because of their density of technology headquarters, financial institutions, and defense contractors, while San Diego's openings are largely driven by the Navy, Marine Corps, and the defense firms that support them.
Are there remote cyber threat intelligence analyst jobs in California?
Yes, and more than most fields. About 35% of cyber threat intelligence analyst openings tied to California are remote or hybrid as of July 2026, reflecting how much of the work involves analyzing data, writing reports, and collaborating over secure platforms rather than being on-site. Fully remote roles are most common in the research and strategic intelligence functions, while positions tied to a classified environment or a dedicated security operations center tend to require in-person presence.
How can I get hired as a cyber threat intelligence analyst in California with little or no experience?
The most realistic entry path is a security operations center analyst role, which California employers including Northrop Grumman, Palo Alto Networks, and major Bay Area banks hire for directly out of degree programs. From there, analysts build the malware analysis, indicator enrichment, and report-writing skills that transition into intelligence roles. Earning a GIAC Security Essentials or CompTIA CySA+ certificate before applying sharpens a resume noticeably, and completing an open-source intelligence project or contributing to a public threat research repository can substitute for formal experience.
Where can I find and apply to cyber threat intelligence analyst jobs in California?
You can find and apply to cyber threat intelligence analyst jobs in California on Migrate Mate, which lists current California openings for this role. Search the listings, find the roles that match your background and location, and apply directly to the ones that fit.
See All 29 Cyber Threat Intelligence Analyst Jobs in California
Find roles in California that match your experience and apply in just a few clicks.
Find Jobs