Job Description LOCATION: Austin, Texas - The Department of Savings and Mortgage Lending is located in Austin, Texas. This role requires weekly in-office attendance.
Military Codes: Army - 17C, 25D;
Navy - 183X;
Coast Guard - CYB10, CYB11, CYB12;
Marine - 0605;
Air Force - 1B4X1, 1D7X1, 3D0X2;
Space Force - 514A, 5C0X1D, 5C0X1N, 5C0X1S. Additional information on the SAO Military Crosswalk is available here: Military Crosswalk for Occupational Category - Information Technology
JOB TITLE: Cybersecurity Analyst III - (Information Resources)
JOB DESCRIPTION: Performs highly complex (senior-level) information security and cybersecurity analysis work involving planning, implementing, and monitoring security measures to protect information and information systems against accidental or unauthorized modification, destruction, or disclosure, and to assure their confidentiality, integrity, and availability. Work also includes protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May guide others. Works under limited supervision, with considerable latitude for initiative and independent judgment.
EXAMPLES OF WORK PERFORMED: - Performs technical risk assessments to identify and prioritize potential cybersecurity and privacy risks to information systems.
- Performs cybersecurity incident response activities.
- Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems.
- Monitors and reviews new and existing systems' account permissions, data access needs, security violations, programming changes, and physical and environmental security to protect them from unauthorized access.
- Implements continuous automated security compliance capabilities.
- Develops, recommends, and participates in the implementation of plans to safeguard system configurations and data against accidental or unauthorized modification, destruction, or disclosure.
- Conducts cybersecurity awareness training for users to promote a secure culture.
- Develops and distributes educational materials on cybersecurity best practices and emerging threats.
- Supports the implementation of system security plans with agency personnel and external vendors.
- Collaborates with agency personnel and external partners to remediate identified vulnerabilities and ensure compliance with cybersecurity policies and standards.
- May perform vulnerability scans and penetration testing of networks, systems, and applications.
- May assist in developing, reviewing, and updating cybersecurity policies, procedures, and standards to align with regulatory requirements and best practices. May assist in preparing detailed reports on cybersecurity incidents, vulnerabilities, and regulatory compliance status for management and other stakeholders.
- Ability to oversee and/or supervise the work of others.
- Performs related work as assigned.
Qualifications: REQUIRED EDUCATION: Graduation from an accredited four-year college or university with specialization in Cybersecurity: Cryptography, Information Technology Auditing, Penetration Testing, or other major coursework in Information Technology Security and at least one certification:
- Certified Information Systems Security Professional (CISSP) or
- Certified Information Systems Manager (CISM) or,
- The ability to attain one of these certifications within six months of hire.
SUBSTITUTION CERTIFICATION OR LICENSURE: Certifications obtained in both areas of specialization may be substituted in lieu of the required education:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Manager (CISM)
EXPERIENCE: Minimum three years of full-time experience in information security or cybersecurity analysis, or IT security administration and operations work is required. Experience with Microsoft Office is required.
PREFERRED EXPERIENCE: Proficiency in scripting languages (e.g., PowerShell, Python, etc.), experience with security tools and technologies including firewalls, IDS/IPS, SIEM, and endpoint protection solutions, and experience with Microsoft on-prem and cloud environments is preferred.
PREFERRED CERTIFICATION OR LICENSURE: Certifications obtained in one or more of the following are preferred:
• Microsoft Cybersecurity Architect (SC-100)
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Information Systems Security Management Professional (ISSMP)
KNOWLEDGE, SKILLS, AND ABILITIES: - Knowledge of local, state, and federal laws and regulations relevant to information security and privacy (e.g., Texas Administrative Code Chapter 202, NIST SP 800-53, etc.)
- Knowledge of cybersecurity and information security controls, practices, procedures, and standards
- Knowledge of the limitations and capabilities of computer systems and technology; technology across all mainstream networks, operating systems, and application platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications and infrastructure
- Knowledge of incident response program practices and procedures
- Knowledge of disaster recovery and business continuity concepts
- Knowledge of change management best practices
- Skill in the use of computers and applicable software and the configuring, deploying, monitoring, and automating of security applications and infrastructure
- Skill in analysis and problem-solving
- Proficient written and verbal communication skills
- Demonstrated organizational skills and the ability to work independently and as part of a team
- Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls
- Ability to gather, assemble, correlate, and analyze facts to prepare and develop reports and actionable recommendations
- Ability to establish goals and objectives
- Ability to map processes
- Knowledge of network security, ability to build, test, and improve data and information security systems.
- Ability to communicate effectively to both technical and non-technical audiences using interpersonal and collaborative skills, and appropriate supporting technology
- Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, and internal and external customers
- Ability to resolve and respond timely to support requests
NOTE: The position may require additional work hours including evenings, weekends, and/or holidays to meet critical deadlines. The job posting in no way states or implies that the duties listed above are all inclusive. Employees are required to perform other duties as assigned. Resumes and cover letters are optional. Resumes are not accepted in lieu of a completed application. All applications must be submitted electronically through CAPPS - Recruit or the Work in Texas websites. To request physical accommodations, call Human Resources at or by email at .
All offers of employment are contingent upon the candidate having legal authorization to work anywhere in the United States. Failure to present such authorization within the time specified by the U.S. Department of Labor will result in the offer being rescinded.
All offers of employment are also contingent upon satisfactory credit and background check.
External final male applicants who are 18-25 years of age will be required to furnish proof of registration or exemption from the registration with the Selective Service System as a condition of state employment.
E-Verify - This organization participates in E-Verify. This employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization.
Department of Savings and Mortgage Lending is an equal opportunity employer.