Texas is hiring: Cybersecurity Operations Engineer (Cybersecurity Analyst II) in Texas, Austin, TX, United States, 78716
MISSION:
The Texas Education Agency (TEA) will improve outcomes for all public‑school students in the state by providing leadership, guidance, and support to school systems.
Core Values:
- We are Determined: We are committed and intentional in the pursuit of our main purpose, to improve outcomes for students.
- We are People‑Centered: We strive to attract, develop, and retain the most committed talent, representing the diversity of Texas, each contributing to our common vision for students.
- We are Learners: We seek evidence, reflect on success and failure, and try new approaches in the pursuit of excellence for our students.
- We are Servant Leaders: Above all else, we are public servants working to improve opportunities for students and provide support to those who serve them.
About Office of IT
The Office of Information Technology works closely with all agency divisions to implement innovative technology solutions in a cost‑efficient manner that supports the goals and priorities of the Texas Education Agency. It provides efficient technology solutions and stellar customer services to internal staff, 20 Educational Service Centers, and 1,200-plus public‑school districts and charter schools. Services include leadership on IT initiatives; guidance on security/policy issues; new application development/enhancements; software acquisition; technical support; assistance with technical sections of purchasing documents such as RFI, RFO, RFP; and oversight on the data collection process that helps to support and improve outcomes for all of Texas’s 5 million‑plus students.
Position Overview
This position is funded through December 30, 2026. Continuation of the position beyond that date is contingent on available funding.
The Cybersecurity Operations Engineer supports the Texas Education Agency (TEA) mission to support every Texas public school student in being ready for college, career, or the military, and understands that the Agency must first have a workforce of high‑performing individuals who are committed to improving outcomes for Texas students. With this as our guiding principle, the Cybersecurity Operations Engineer works closely with TEA’s Cybersecurity Operations Team Lead to implement a stakeholder‑focused Information Security Program to protect the information that is shared with the Agency by the citizens of Texas and Local Education Agencies (LEAs). The Cybersecurity Operations Engineer will be responsible for key cybersecurity strategies including:
- Working with the Cybersecurity Operations Team Lead to improve TEA’s cybersecurity maturity, following the Texas Cybersecurity Framework.
- Following Incident Response processes to ensure swift and proper response to cyber incidents.
- Administering security controls to prevent malware delivery and execution and to limit the extent of cyber incidents.
This role is in the Office of Information Technology. The Office of Information Technology (IT) works closely with all agency divisions to implement innovative technology solutions in a cost‑efficient manner that supports the goals and priorities of TEA.
Flexible Work Location
Flexible work location within the state of Texas may be considered for qualified candidates.
Application Notes
Please note that a resume is a required attachment for applying to this position. Incomplete applications will not be considered. Applicants who are being strongly considered for employment must submit to a national criminal history background check.
Essential Functions
- Cybersecurity Engineering: Implement, maintain, tune, and manage various cybersecurity tools with a primary focus on our SOAR/SIEM tools, including collecting and normalizing data via log collectors or APIs, managing the log forwarder server(s), creating alert and detection rules, configuring RBAC, creating dashboards, visuals, and reports based on stakeholder requirements, documenting functionality and implementation. Manage and monitor the EDR platform.
- Cybersecurity Analysis: Provide cybersecurity consultation for TEA projects that align with TEA’s Information Security Program; may provide guidance on projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Analyze information from various sources, especially the SIEM/SOAR/EDR, to better inform detection and reporting to improve monitoring and detect emerging threats. May be required to put analysis in writing (report form).
- Incident Response: Resolve security issues in a diverse and decentralized environment; communicate effectively; detect, investigate, remediate, and recover from cybersecurity threats across TEA; report to Cybersecurity Operations Team Lead or designated Incident Response Lead concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance. Document incidents as required.
- Cybersecurity Advisor: Assist in advising management and users regarding security policy, procedures, and security best practices; especially as it relates to maximizing the utility of our SIEM/SOAR solution.
Minimum Qualifications
- Education: Graduation from an accredited four‑year college or university.
- Degree field(s): Cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field.
- Experience: At least two (2) years of experience in an enterprise environment, doing all of the following: managing and configuring an enterprise‑grade SIEM/SOAR solution, using Python or PowerShell to collect data from APIs, normalize that data, and send that data to a SIEM/SOAR platform, creating alerts, dashboards, and reports (especially around cybersecurity metrics) in a SIEM solution, validating and deploying security controls/systems in a safe and approved manner, and responding (as needed) to alerts/events generated by security tools. The two (2) years of minimum experience must be recent (within the last year), paid, professional experience, in a moderate to large enterprise environment.
- Substitutions: Each additional year of related experience above the required minimum may substitute for education on a year‑for‑year basis.
Other Qualifications
- Share the belief that all Texas students can achieve at high levels and are able to succeed in college, career, or the military.
- Experience administering, configuring, and using CrowdStrike Next Gen SIEM and/or Splunk is preferred.
- Understanding of modern threat actor techniques, tactics, and procedures (TTPs) is preferred.
- Knowledge and experience with FERPA is preferred.
- Collaborative team player with a proactive approach to projects, adaptable to acquiring new skills and responsibilities.
- Skill in translating business imperatives and risk tolerances into effective security solutions, adhering to change control processes, documenting findings clearly, and managing expectations with professionalism.
- Strong organizational skills with the ability to effectively manage multiple priorities while fostering collaboration and teamwork.
- Demonstrated excellence in customer experience and relationship building, with the ability to communicate professionally across all organizational levels and business units.
As an equal opportunity employer, we hire without consideration to race, religion, color, national origin, sex, disability, age, or veteran status, unless an applicant is entitled to the military employment preference.
To review the Military Occupational Specialty (MOS) codes from each branch of the U.S. Armed Forces to each job classification series in the State’s Position Classification Plan (provided by the State Auditor’s Office), please access the Military Crosswalk (occupational specialty code) Guide and click on the military “occupational category” that corresponds with the state classification in this job posting title.
This position requires the applicant to meet Agency standards and criteria which may include passing a pre‑employment criminal background check, prior to being offered employment by the Agency.
No phone calls or emails, please. Due to the high volume of applications, we do not accept telephone calls and cannot reply to all email inquiries. Only candidates selected for interview will be contacted. Please add “capps.recruiting@cpa.texas.gov” and “@tea.texas.gov” to your safe senders list to ensure you receive email notifications from our talent acquisition team and/or hiring division regarding your candidacy.