Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftl?job=00053705
You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply both through Work In Texas and CAPPS Career Section
GENERAL DESCRIPTIONAre you ready to protect mission-critical systems that serve millions of Texas families? Join the IT Division at the Texas Office of the Attorney General (OAG) as a Cybersecurity Analyst V (Senior IT Security Analyst). In this role, youand#8217;ll safeguard sensitive data, lead incident response efforts, and ensure compliance with cybersecurity standards. Working in a hybrid cloud environment, youand#8217;ll collaborate across teams to assess risk, implement controls, and respond to evolving threatsand#8212;helping secure systems that directly impact the lives of Texas children and families.Why the OAG?At the OAG, weand#8217;re not just looking for a security analystand#8212;weand#8217;re seeking a mission-driven professional who thrives on complexity, understands the importance of regulatory compliance, and brings a proactive mindset to cybersecurity operations. If youand#8217;re passionate about protecting public sector systems and want to make a meaningful impact, this is your opportunity to do important, high-visibility work in service of Texas families.Your Responsibilities:and#8226;Security Operations Incident Response:Ensure the safety and continuity of services for millions of Texans through leading efforts to detect, investigate, and respond to security threats impacting mission critical systems.and#8226;Threat Intelligence Vulnerability Management:Stay ahead of evolving threats by analyzing cyber intelligence, conducting proactive threat hunting, and identifying vulnerabilities. You'll play a key role in strengthening the agencyand#8217;s security posture.and#8226;Risk Compliance:Support audits and assessments that uphold public trust and regulatory compliance. Your contributions help the agency meet high standards like IRS Pub 1075 and the NIST Cybersecurity Framework.and#8226;Security Architecture Controls:Collaborate with technical teams to design and validate security controls across hybrid environments. Your input helps shape secure, scalable systems that support long-term program success.and#8226;Policy Awareness:Help build a culture of security by contributing to policies, standards, and awareness efforts. Your guidance empowers teams to make informed, secure decisions every day.The OAG is committed to delivering modern, value-driven IT services that empower the agency to serve the people of Texas more effectively. We believe that placing the right people in the right rolesand#8212;and equipping them with the right toolsand#8212;creates a dynamic environment where innovation thrives.The OAG is a dynamic state agency with over 4,000 employees throughout the State of Texas. As the Stateand#8217;s law firm, the OAG provides exemplary legal representation in diverse areas of law. OAG employees enjoy excellent benefits (https://ers.texas.gov/Benefits-at-a-Glance) along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.ESSENTIAL POSITION FUNCTIONSSecurity Operations Incident Responseand#8226;Monitor security alerts and logs across cloud and on-prem environments to detect and respond to potential threats.and#8226;Lead incident response activities, including investigation, containment, remediation, and post-incident analysis.and#8226;Coordinate with internal teams and external partners to ensure timely and effective resolution of security incidents.Threat Intelligence Vulnerability Managementand#8226;Conduct proactive threat hunting and analyze cyber intelligence to identify emerging risks.and#8226;Perform vulnerability assessments and penetration testing; track and verify remediation efforts.and#8226;Maintain awareness of current threat landscapes and recommend appropriate defensive measures.Risk Management Complianceand#8226;Support internal and external audits, security assessments, and compliance reviews (e.g., IRS Pub 1075, NIST CSF, CJIS).and#8226;Assist in risk analysis, control validation, and documentation of findings and mitigation plans.and#8226;Contribute to the development and maintenance of system security plans and risk registers.Security Architecture Control Implementationand#8226;Collaborate with infrastructure, DevSecOps, and application teams to design and implement security controls.and#8226;Validate the effectiveness of technical safeguards across AWS, Salesforce, and hybrid systems.and#8226;Provide input on secure configuration baselines, access controls, and encryption standards.Policy, Governance Awarenessand#8226;Contribute to the development, review, and enforcement of cybersecurity policies, procedures, and standards.and#8226;Support security awareness and training initiatives for IT staff and business users.and#8226;Participate in governance activities such as change reviews, architecture reviews, and security advisory boards.Interface with auditors, vendors, and regulatory bodies to support audits, assessments, and compliance initiatives, and to ensure audit readiness.
Maintain current knowledge of cybersecurity frameworks, tools, and best practices, ensuring the agencyand#8217;s security posture remains resilient and adaptive.
Ensure the confidentiality, integrity, and availability of sensitive and protected information, and comply with all agency policies, including those related to ethics and integrity.
Prepare and present technical reports, risk analyses, and strategic recommendations to executive leadership and stakeholders.
Support business continuity planning, including the development and testing of contingency plans and emergency response procedures.
Performs related work as assigned
Maintains relevant knowledge necessary to perform essential job functions
Attends work regularly in compliance with agreed-upon work schedule
Ensures security and confidentiality of sensitive and/or protected information
Complies with all agency policies and procedures, including those pertaining to ethics and integrity
Qualifications: MINIMUM QUALIFICATIONSEducation: Graduation from high school or equivalent
Experience: 10 years of full-time experience working in the following (or closely related) fields: Cybersecurity operations or incident response; threat intelligence or threat hunting; security architecture or secure system design; risk assessment, compliance, or IT audit; vulnerability management or penetration testing; may substitute credit hours from an accredited college or university for the required experience on a year-for-year basis.Knowledge, Skills, and Abilitiesand#8226;Deep understanding of cybersecurity frameworks (e.g., NIST SP 800-53, NIST CSF, CIS Controls, CJIS)and#8226;Strong grasp of network and systems fundamentals, and zero trust architectureand#8226;Hands-on experience AWS and/or Azure cloud securityand#8226;Familiarity with secure SDLC practices, threat modeling, and code reviewand#8226;Skilled in risk management, governance, and continuous improvement of security programsand#8226;Excellent communication and analytical skillsand#8226;Ability to lead, mentor, and influence across cross-functional teamsand#8226;Self-directed with the ability to manage multiple priorities independently
Ability to work in person at assigned OAG work location, perform all assigned tasks at designated OAG work space within OAG work location, and perform in-person work with coworkers (e.g., collaborating, training, mentoring) for the entirety of every work week (unless on approved leave).
Ability to work remotely as a manager-provided option, depending on work
