SeaHill Consulting Group

Network Security Architect (Austin)

SeaHill Consulting Group, Austin, Texas, US, 78716


US Citizenship Required. This position is on site 5 days a week.

Key Responsibilities

Assist in supervising and managing the TxDOT Cybersecurity Operations Tools Team, including oversight of staff augmentation contractors
Ensure real-time cybersecurity data, metrics, and correlated incident inputs are delivered to the CSOC Manager and Incident Response Team
Administer, maintain, and ensure resilience of enterprise cybersecurity tools, including EDR, scanning, SIEM, and network analytics platforms
Support daily cybersecurity operations and active incident response activities
Plan, manage, and coordinate deployment and operation of cybersecurity tooling across the agency
Provide tooling metrics and inputs for end-of-month and annual cybersecurity reporting
Recommend improvements to cybersecurity operations, tool resilience, and operational maturity
Assist in managing ongoing cybersecurity programs, including tabletop exercises and readiness activities

Day-to-Day Responsibilities

Monitor and manage cybersecurity tools to ensure continuous operational availability and accurate data output
Coordinate with CSOC leadership to support real-time monitoring and incident response efforts
Oversee configuration, tuning, and maintenance of SIEM, endpoint protection, scanning, and network analytics tools
Review alerts, metrics, and tool outputs to ensure effective detection and response coverage
Provide technical direction and task prioritization for contractors and team members
Develop operational metrics, dashboards, and reports for management and compliance needs
Participate in intrusion detection, investigation, and incident response activities
Support cybersecurity exercises, documentation updates, and process improvement initiatives

Preferred Experience and Attributes

Eight or more years of experience managing or leading technical cybersecurity teams
Eight or more years of experience deploying and configuring network security monitoring and incident response tools (EDR, scanners, SIEM, NetFlow)
Eight or more years of experience administering and operating cybersecurity monitoring and response platforms
Demonstrated experience supporting intrusion detection and incident response activities
Strong professional communication skills, including operational reporting and stakeholder coordination
Experience with Cisco security tools and managed network analytics solutions
Experience with Microsoft Endpoint Detection and Response tools
Experience administering and operating Microsoft Sentinel
Experience with the Tenable vulnerability management suite
Ability to work independently with minimal supervision and sound judgment
Experience supporting cybersecurity resilience and operational maturity initiatives
Experience working within large enterprise or government environments