Senior Cybersecurity Operations Analyst (Cybersecurity Analyst III)

Job Description

MISSION: The Texas Education Agency (TEA) will improve outcomes for all public-school students in the state by providing leadership, guidance, and support to school systems.

Core Values:

• We are Determined: We are committed and intentional in the pursuit of our main purpose, to improve outcomes for students.

• We are People-Centered: We strive to attract, develop, and retain the most committed talent, representing the diversity of Texas, each contributing to our common vision for students.

• We are Learners: We seek evidence, reflect on success and failure, and try new approaches in the pursuit of excellence for our students.

• We are Servant Leaders: Above all else, we are public servants working to improve opportunities for students and provide support to those who serve them.

New hires, re-hires, and internal hires will typically receive a starting salary between the posted minimum and the average pay of employees in their same classification. Offers will be commensurate with the candidate's experience and qualifications and will thoughtfully consider internal pay equity for agency staff who perform similar duties and have similar qualifications. The top half of the posted salary range is generally reserved for candidates who exceed the requirements and qualifications for the role. The maximum salary range is reserved for candidates that far exceed the required and preferred qualifications for the role.

Position Overview

The Senior Cybersecurity Operations Analyst assists the Texas Education Agency (TEA) mission to support every Texas public school student to be ready for college, career or the military and understands the Agency must first have a workforce of high-performing individuals who are committed to improving outcomes for Texas students. With this as our guiding principle, the Senior Cybersecurity Operations Analyst works closely with TEA's Cybersecurity Operations Team Lead to implement a stake-holder focused Information Security Program to protect the information which is shared with the Agency by the citizens of Texas and Local Education Agencies (LEAs). The Senior Cybersecurity Operations Analyst will be responsible for key cybersecurity strategies including:

• Working with the Cybersecurity Operations Team Lead to improve TEA's cybersecurity maturity, following the Texas Cybersecurity Framework.

• Following Incident Response processes to ensure swift and proper response to cyber incidents.

• Administering security controls to prevent malware delivery, execution, and extent of cyber incidents.

This role sits in the Office of Information Technology. The Office of Information Technology works closely with all agency divisions to implement innovative technology solutions in a cost-efficient manner that supports the goals and priorities of the Texas Education Agency. The Office of IT provides efficient technology solutions and stellar customer services to internal staff, 20 Educational Service Centers, and 1,200-plus public-school districts and charter schools. The following services are provided by IT: leadership on IT initiatives; guidance on security/policy issues; new application development/enhancements; software acquisition; technical support; assistance with technical sections of purchasing documents such as Request for Information (RFI), Request for Offers (RFO), Request for Proposals (RFP); and oversight on the data collection process which helps to support and improve outcomes for all of Texas' 5 million-plus students.

Flexible work location within the state of Texas may be considered for qualified candidates.

Please note that a resume is a required attachment for applying to this position. Incomplete applications will not be considered. Applicants who are strongly being considered for employment must submit to a national criminal history background check.

Essential Functions

Job duties are not limited to the essential functions mentioned below. You may perform other functions as assigned.

1. Application Vulnerability Management: works closely and collaboratively with our DevOps and Application Teams to implement, manage, and monitor various application security scanning tools; manages and maintains documentation regarding outstanding application vulnerabilities, and remediation effort status; maintains metrics related to vulnerability remediation efforts

2. Cybersecurity Analysis: provide cybersecurity consultation for TEA projects that align with TEA's Information Security Program; may provide guidance on projects to assess security requirements and controls and to ensure that security controls are implemented as planned

3. Incident Response: resolves security issues in diverse and decentralized environments; communicates effectively; detects, investigates, remediates, and recovers from cybersecurity threats across TEA; reports to Cybersecurity Operations Team Lead or designated Incident Response Lead, concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance

4. Cybersecurity Advisor: assists in advising management and users regarding security policy and procedures

5. Security Operations: maintain and administer security operation platforms for TEA; define security configuration and operations standards for security systems, including policy assessment and compliance tools, network security appliances, and host-based security systems; work with Cybersecurity Operations Team Lead to develop strategies and plans to enforce security requirements and address identified risks



Qualifications:

Minimum Qualifications

• Education: Graduation from an accredited four-year college or university with a degree with a related degree.

• Degree field(s): Cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field

• Required Licenses: One or more current security certifications (Security+, CEH, GISF, CISSP, CCSP, CISA, GIAC, CRISC, CGRC, CISM, or SSCP etc.)

• Experience: At least three [3] years of experience in Cybersecurity related domains; must have knowledge of and experience with vulnerability management plus one or more of the following areas: Incident Response, Security Operations, Risk and Compliance, System Administration, Network Security, or Security Architecture and Engineering. Internships will be considered.

• Substitutions: Education and experience may substitute for one another on a year-for-year basis.

Other Qualifications

• Share the belief that all Texas students can achieve at high levels and are able to succeed in college, career, or the military

• Knowledge of secure development standards and practices (i.e., SSDF) required

• Knowledge of Information Technology infrastructure, including routers, switches, firewalls, databases, operating systems, encryption, load balancing, intrusion prevention systems, and network protocols and concepts

• Knowledge and understanding regarding application security (OWASP, NIST SDF, MITRE CWE, etc.)

• Knowledge of code analysis tools and techniques, coding and testing standards, web application security risk, software security principles and practices, penetration testing tools, principles, techniques and practices

• Knowledge or experience with the NIST Incident Response Processes required

• Experience or education relating to application security testing highly preferred

• Proficient in at least one programming language preferred

• DevSec Ops experience preferred

• Highly organized and effective in managing multiple tasks while maintaining high levels of user satisfaction

• Ability to manage expectations appropriately, provide a superior customer experience and build long-term relationships

• Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives

• Ability to collaborate with external security organizations and other agencies to maintain security preparedness and maintain best practices

• Team player who is eager to volunteer to assist with projects and learn new skills

• Knowledge and experience with FERPA are a plus

As an equal opportunity employer, we hire without consideration to race, religion, color, national origin, sex, disability, age or veteran status, unless an applicant is entitled to the military employment preference.

To review the Military Occupational Specialty (MOS) codes from each branch of the U.S. Armed Forces to each job classification series in the State's Position Classification Plan (provided by the State Auditor's Office), please access the Military Crosswalk (occupational specialty code) Guide and click on the military "occupational category" that corresponds with the state classification in this job posting title.

This position requires the applicant to meet Agency standards and criteria which may include passing a pre-employment criminal background check, prior to being offered employment by the Agency.

No phone calls or emails, please. Due to the high volume of applications, we do not accept telephone calls and cannot reply to all email inquiries. Only candidates selected for interview will be contacted. Please add "capps.recruiting@cpa.texas.gov" and "@tea.texas.gov" to your safe senders list to ensure you receive email notifications from our talent acquisition team and/or hiring division regarding your candidacy.