Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftl?job=00050722
You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply both through Work In Texas and CAPPS Career Section
LOCATION: Austin, Texas - The Department of Savings and Mortgage Lending is located in Austin, Texas. This role requires weekly in-office attendance.
Military Codes: Army 17C, 25D; Navy 183X; Coast Guard CYB10, CYB11, CYB12; Marine 0605; Air Force 1B4X1, 1D7X1, 3D0X2; Space Force 514A, 5C0X1D, 5C0X1N, 5C0X1S. Additional information on the SAO Military Crosswalk is available here: Military Crosswalk for Occupational Category - Information Technology
JOB TITLE: Cybersecurity Analyst II (Information Resources)
JOB DESCRIPTION:
Performs highly complex (senior-level) information security and cybersecurity analysis work involving planning, implementing, and monitoring security measures to protect information and information systems against accidental or unauthorized modification, destruction, or disclosure, and to assure their confidentiality, integrity, and availability. Work also includes protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May guide others. Works under limited supervision, with considerable latitude for initiative and independent judgment.
EXAMPLES OF WORK PERFORMED:
Performs technical risk assessments to identify and prioritize potential cybersecurity and privacy risks to information systems.
Performs cybersecurity incident response activities.
Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems.
Monitors and reviews new and existing systems account permissions, data access needs, security violations, programming changes, and physical and environmental security to protect them from unauthorized access.
Implements continuous automated security compliance capabilities.
Develops, recommends, and participates in the implementation of plans to safeguard system configurations and data against accidental or unauthorized modification, destruction, or disclosure.
Conducts cybersecurity awareness training for users to promote a secure culture.
Develops and distributes educational materials on cybersecurity best practices and emerging threats.
Supports the implementation of system security plans with agency personnel and external vendors.
Collaborates with agency personnel and external partners to remediate identified vulnerabilities and ensure compliance with cybersecurity policies and standards.
May perform vulnerability scans and penetration testing of networks, systems, and applications.
May assist in developing, reviewing, and updating cybersecurity policies, procedures, and standards to align with regulatory requirements and best practices. May assist in preparing detailed reports on cybersecurity incidents, vulnerabilities, and regulatory compliance status for management and other stakeholders.
Ability to oversee and/or supervise the work of others.
Performs related work as assigned.
Qualifications: REQUIRED EDUCATION: Graduation from an accredited four-year college or university with specialization in Cybersecurity: Cryptography, Information Technology Auditing, Penetration Testing, or other major coursework in Information Technology Security and at least one certification:
Certified Information Systems Security Professional (CISSP) or
Certified Information Systems Manager (CISM) or,
The ability to attain one of these certifications within twelve months of hire.
SUBSTITUTION CERTIFICATION OR LICENSURE: Certifications obtained in both areas of specialization may be substituted in lieu of the required education:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager (CISM)
EXPERIENCE: Minimum two years of full-time experience in information security or cybersecurity analysis, or IT security administration and operations work is required. Experience with Microsoft Office is required.
PREFERRED EXPERIENCE: Proficiency in scripting languages (e.g., PowerShell, Python, etc.), experience with security tools and technologies including firewalls, IDS/IPS, SIEM, and endpoint protection solutions, and experience with Microsoft on-prem and cloud environments is preferred.
PREFERRED CERTIFICATION OR LICENSURE: Certifications obtained in one or more of the following are preferred:
Microsoft Cybersecurity Architect (SC-100)
Certified Cloud Security Professional (CCSP)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Information Systems Security Management Professional (ISSMP)
KNOWLEDGE, SKILLS, AND ABILITIES:
Knowledge of local, state, and federal laws and regulations relevant to information security and privacy (e.g., Texas Administrative Code Chapter 202, NIST SP 800-53, etc.)
Knowledge of cybersecurity and information security controls, practices, procedures, and standards
Knowledge of the limitations and capabilities of computer systems and technology; technology across all mainstream networks, operating systems, and application platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications and infrastructure
Knowledge of incident response program practices and procedures
Knowledge of disaster recovery and business continuity concepts
Knowledge of change management best practices
Skill in the use of computers and applicable software and the configuring, deploying, monitoring, and automating of security applications and infrastructure
Skill in analysis and problem-solving
Proficient written and verbal communication skills
Demonstrated organizational skills and the ability to work independently and as part of a team
Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls
Ability to gather, assemble, correlate, and analyze facts to prepare and develop reports and actionable recommendations
Ability to establish goals and objectives
Ability to map processes
Knowledge of network security, ability to build, test, and improve data and information security systems.
Ability to communicate effectively to both technical and non-technical audiences using interpersonal and collaborative skills, and appropriate supporting technology
Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, and internal and external customers
Ability to resolve and respond timely to support requests
NOTE:The position may require additional work hours including evenings, weekends, and/or holidays to meet critical deadlines.The job posting in no way states or implies that the duties listed above are all inclusive. Employees are required to perform other duties as assigned. Resumes and cover letters are optional. Resumes are not accepted in lieu of a completed application. All applications must be submitted electronically through CAPPS - Recruit or the Work in Te
