While currently a position at DIR, this role will be part of the new Texas Cyber Command, the state’s newest agency to defend against and respond to cyber threats.
Job Posting:
Position Title: Cybersecurity Analyst II
Class/Group: 0320/B25
Military Occupation Specialty Code: Army: 17C, 25D; Coast Guard: CYB11, CYB12, CYB14; Marine Corps: 1721, Air Force: 1N4X1, Space Force: 514A, 5C0X1N
Fair Labor Standards Act Status: Exempt
Number of Vacancies: 1
Division/Section: Office of the Chief Information Security Officer/Security Operations/Cybersecurity Incident Response Team
Salary Range: $7,833.34 - $8,025.00/monthly
Duration: Regular
Hours Worked Weekly: 40
Travel: Occasional
Work Location: San Antonio, Texas - preferred work location, Austin, Texas - optional
Position Description
We are a technology agency powered by people. DIR offers secure, modern, and cost-effective technology to help government entities in Texas serve their constituents.
DIR is a fast-paced and collaborative environment with highly motivated, innovative, and engaged employees dedicated to achieving the best value for the state.
Position Summary
A role within the Office of the State Chief Information Security Officer (OCISO) that combines progressive incident response program development, works with many diverse organizations, plans for and responds to cybersecurity incidents, and reviews and communicates threats and vulnerabilities to a wide range of stakeholders.
Performs complex (journey-level) cybersecurity analysis work. Work involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, and vulnerability assessment services.
Responsibilities
- Support cyber incident response activities and recovery services for any eligible governmental entity across the State of Texas.
- Coordinate with industry partners, government agencies (including law enforcement and intelligence agencies) and other specialists to establish and maintain situational awareness of current and emerging risks and threats to the state.
- Apply systems administration knowledge to support cybersecurity operations, including log analysis, endpoint/server hardening, patch management, active directory, and troubleshooting of operating systems and networked environments.
- Leverage prior experience with enterprise IT systems to identify misconfigurations, mitigate vulnerabilities, and support recovery efforts during cyber incidents.
- Develop and potentially deliver tabletop preparedness exercises for both technical and non-technical stakeholders, providing educational and awareness presentations on sound security practices to improve the security maturity of the state.
- Work collaboratively to identify and deliver statewide security program improvements and continuously improve the security posture of the State of Texas as a whole.
- Support development and maintenance of the State of Texas CIRT security incident response and recovery process, including all required supporting materials and applicable knowledge transfer.
Education
Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field.
Experience And Training Required
Three (3) years of progressively responsible experience in the IT industry. Three (3) years of progressively responsible experience in information technology security or project management work. One (1) year of experience in responding to security incidents.
Experience and Training Preferred
Experience and training in analyzing, recommending, developing, and implementing enterprise-wide policies, standards, and guidelines. Experience in researching and documenting findings on information technology issues, processes, or programs. Experience in adult learning techniques, including curriculum development and delivery of technical and non-technical training.
Knowledge, Skills, and Abilities
Knowledge of applied “sound security” concepts, such as the principal of least privilege, the use of multi-factor authentication, and identity and access management. Knowledge of generally accepted information technology standards and practices; of information technology practices; and of information technology management practices.
The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability.