Cybersecurity Analyst II in Austin, TX

Description

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Cybersecurity Analyst II 
Job Title: Cybersecurity Analyst II 
Agency: Health & Human Services Comm 
Department: CISO - DSHS 4.2.5 
Posting Number: 11494 
Closing Date: 02/19/2026 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-25 
Salary Range: $5,797.66 - $7,976.00 
Pay Frequency: Monthly
Shift: Day 
Additional Shift: Days (First) 
Telework:  
Travel:  
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Exempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 701 W 51ST ST 
Other Locations:  
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A 
170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D 
26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT 
CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS 

Brief Job Description:

Performs advanced (mid-level) information security analysis work, with a strong focus on cloud security and web application protection. Work involves assisting and monitoring security controls for on-premises and cloud-based information systems and infrastructure to regulate access to information resources and to prevent unauthorized modification, destruction, or disclosure of information. Researches, evaluates, and recommends security controls and procedures for the appropriate protection and reduction of risk for information resources.

Evaluates business objectives and advises business partners on the security and compliance requirements and risks within various business initiatives, particularly those involving cloud migration and web application deployments. Develops, recommends, and evaluates the implementation of plans designed to safeguard information systems and information resources against accidental or unauthorized modification, destruction, or disclosure for agency-administered systems and third-party administered systems, including the configuration and management of Web Application Firewalls (WAF).

Assists with developing system security plans and corrective action plans to protect information systems and information resources from unauthorized users. Independently interfaces with executive management throughout the agency and enterprise to assist the CISO in delivering the Information Security Program. Works under limited supervision, with considerable latitude for initiative and independent judgment.

This position is open to permanent residents or US citizens only.

Essential Job Functions (EJFs):

Attends work on a regular and predictable schedule following agency leave policy and performs other duties as assigned.

•       (30%) Provides security and risk management services by performing risk identification, assessment, and remediation, as well as regulatory and internal compliance monitoring. Uses established standards and processes to adequately protect HHS personnel, facilities, cloud infrastructure, information, and business operations. Performs risk management through the assessment and evaluation of risk within information resources, technology, and procedures to ensure business operations can deliver services efficiently and effectively. Activities include cyclical and periodic technology risk assessments of cloud (e.g., Azure, AWS) and on-premises environments, reviews of technology use within business initiatives, web application security analysis, vulnerability analysis, and evaluations of emerging threats.

•       (30%) Performs needs assessment to identify requirements of automated systems and evaluate information security standards. Reviews the agency's systems, including their infrastructure, processes, and procedures, with a specific focus on cloud security posture (CSPM) and web application vulnerabilities, to discover security compliance needs and gaps against agency control requirements.

•       (20%) Advises management and users regarding enterprise security program functions, including cloud security best practices, WAF policy implementation, and secure application development standards.

•       (10%) Supports the cybersecurity training program by providing training to agency customers within assigned specific security domains, such as cloud security or secure web practices.

•       (5%) Other duties as assigned.

Knowledge, Skills and Abilities (KSAs):

• Knowledge in analyzing, recommending, & developing enterprise-wide security policies, standards, & guidelines within appropriate organizational risk tolerances. Skill in implementing enforcement of security policy within technology solutions.
• Knowledge of enterprise security program management using Enterprise Governance Risk & Compliance (eGRC) solutions. Demonstrated experience with the implementation & development of business processes in eGRC solutions.
• Knowledge of effective project management practices & ability to effectively manage multiple priorities. Excellent written and verbal communication skills.
• Knowledge of the limitations and capabilities of computer systems; of technology across all network layers and platforms; of operational support of networks, operating systems, cloud platforms (Azure, AWS, GCP), databases, and security applications; and information security practices, procedures, and regulations.
• Skill in operating computers and applicable software and configuring, deploying, tuning, and monitoring security infrastructure, especially Web Application Firewalls (WAF) and cloud-native security tools (e.g., Microsoft Defender for Cloud, AWS Security Hub).
• Ability to solve complex security issues in diverse and decentralized environments and to communicate effectively to others in non-technical terms.
• In-depth understanding of the NIST Special Publications (800 Series) with particular emphasis on the SP 800-53 Security and Privacy Controls and their application to cloud environments.
• Skill in evaluating enterprise networks/systems and cloud-hosted applications for assurance of control requirements as specified.
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Registrations, Licensure Requirements or Certifications:

Requires one or more of the following or comparable foundational certifications:

•       ISC2 Security Assessment and Authorization Certification (CAP)

•       GIAC Security Essentials (GSEC)

•       ISACA Certified Information Systems Auditor (CISA)

•       CompTIA Security+

As well as one of the following cloud security certifications:

•       Google Professional Cloud Security Engineer

•       Microsoft Certified Azure Security Engineer Associate

•       AWS Certified Security – Specialty

Initial Screening Criteria:

•       Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is strongly preferred. Education and experience may be substituted for one another on a year for year basis.

•       2-4 years of experience in information technology, security risk, compliance management, assessment, auditing, research, and consulting.

•       Experience with cloud security in one or more major platforms (Azure, AWS, GCP) is required.

•       Experience managing, tuning, and monitoring Web Application Firewalls (WAF) is strongly preferred.

•       Experience in researching, authoring, or supporting the development of information security policies and standards.

•       Experience developing security and risk performance metrics and reporting for executive, business, and technical audiences.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

#LI-IN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework.  Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.