Dallas County

CYBERSECURITY ANALYST.INFO TECH SERVICES Job at Dallas County in Dallas

Dallas County, Dallas, TX, US, 75215

Job Description

Secures Dallas County's information systems and data. Combines enterprise-wide cyber threat detection, incident response, compliance monitoring, and security policy implementation. Supports the County's hybrid environment by integrating technical security operations with regulatory mandates, including CJIS, HIPAA, and NIST 800-53. Works closely with IT Security Engineering and Compliance teams to defend the Dallas County infrastructure from evolving threats while ensuring adherence to internal and external security requirements.

Responsibilities

• Responds to and investigates escalated security tickets, requests, alerts, and events. Performs advanced triage, coordinates with technical teams to ensure containment, and documents incident response activities.
• Supports daily operations of the County's security infrastructure, including SIEM, endpoint detection and response, and related tooling. Performs alert tuning and rule validation, and ensures reliable telemetry flow into security platforms.
• Conducts proactive threat hunting activities across SIEM, EDR, and available log sources. Analyzes behavioral patterns and threat intelligence to identify anomalous activity. Develops hypotheses, executes investigations, and reports findings.
• Manages incoming security-related tickets, requests, and inquiries from internal departments. Prioritizes and tracks resolution, provides technical guidance, and ensures timely communication and closure of support cases.
• Develops and maintains operational documentation, including incident response runbooks, standard operating procedures (SOPs), technical workflows, and knowledge base articles. Ensures documentation is version-controlled and aligned with policy and tool changes.
• Participates in IT and security-related projects by providing technical guidance, control implementation support, and input on security design considerations. Collaborates with Engineering and IT to ensure secure system configurations.
• Contributes to the development and maintenance of IT security policies, procedures, and operational standards. Works with Security Compliance, Engineering, and IT teams to ensure technical controls support Dallas County policies and regulatory requirements.
• Performs other duties as assigned.

Qualifications

Education, Experience and Training:

Education and experience equivalent to a Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or job-related field of study. Six (6) years of IT experience in cybersecurity operations, including roles such as Security Analyst, Security Engineer, or SOC Analyst.

Certifications (Preferred):

• Certified Information Systems Security Professional (CISSP)
• GCIH
• GCIA
• CompTIA Cybersecurity Analyst (CySA+)
• Relevant security certifications a plus

Special Requirements/Knowledge, Skills & Abilities:

• Strong communication skills, both written and verbal, for collaboration and reporting.
• Ability to work independently and effectively in a team-oriented environment.
• Strong analytical, organizational, and documentation skills.
• Excellent verbal and written communication skills with the ability to present findings to both technical teams and executive stakeholders.
• Ability to create, implement and support security policies, procedures, and operational controls.
• Ability to engage and manage engagement with third-party security vendors and managed security service providers.
• Knowledge of implementing, managing and configuring security and threat monitoring tools, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation & Response), EDR (Endpoint Detection and Response), and DLP (Data Loss Prevention) technologies.
• Ability to participate in an on-call rotation for after-hours security incident escalation.
• Advanced knowledge of cybersecurity operations, including SIEM management, threat detection, and hands-on incident response.
• Ability to lead or mentor junior analysts or coordinate team-based incident investigations.
• Knowledge of regulatory and compliance frameworks such as CJIS, HIPAA, PCI-DSS, NIST 800-53, ISO 27001, and risk assessment methodologies.
• Ability to enforce and manage regulatory compliance standards such as CJIS, HIPAA, NIST, or similar frameworks.
• Skill in threat hunting, forensic analysis, malware behavior analysis, and endpoint forensics platforms.
• Skill in interpreting and correlating alerts from multiple sources (EDR, firewalls, cloud logs, email gateways, identity systems) to identify sophisticated attacks or insider threats.
• Experience in scripting or programming (e.g., Python, PowerShell) for automating security tasks or parsing large datasets.
• Experience with cloud-native security tools and monitoring across Microsoft Azure, AWS, or Google Cloud environments.
• Ability to contribute to security policy development, control testing, and continuous improvement of security monitoring capabilities.
• Ability to conduct post-incident reviews, root cause analysis, and draft executive-level incident reports.
• Ability to manage high-pressure situations and lead coordinated response efforts during security incidents.
• Skilled in technical security and the ability to interpret and apply security policy and standards.
• Knowledge of security tooling (SIEM, EDR, DLP), security response automation, and proactive threat hunting.

Must have a valid Texas Driver's License and good driving record. Will be required to provide a copy of 10-year driving history. Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code.

"Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement."

Physical/Environmental Requirements:

Standard office environment. Ability to lift and carry up to 25 lbs. unassisted. Work a 40-hour hybrid work week with on-call availability for two (2) days per month. Sitting for extended periods of time.