As a Cybersecurity Analyst II at the Texas Department of Family and Protective Services (DFPS) you will have at least three (3) years of related experience and be responsible for the research, technical analysis, recommendation, configuration, and administration of applications, systems, and procedures to ensure the protection of information processed, stored or transmitted. The Cybersecurity Analyst II will also conduct “hands-on” computer forensics analysis for investigation and litigation support, security analysis of systems and networks, and security incident investigations, as required.
The Cybersecurity Analyst II will be responsible for developing and managing the DFPS Security Information and Event Management (SIEM) platform. The Cybersecurity Analyst II will act as the subject matter expert for the SIEM environment to ensure optimal design, engineering, and operation of the platform. The Cybersecurity Analyst II is expected to review and work with our Information Technology teams to tune the SIEM outputs, including custom dashboards and security event notables. The Cybersecurity Analyst II will monitor applications to identify a possible cyber-attack or intrusion (event), determine whether it is a real, malicious threat (incident), and assess whether it could have a business impact.
The Cybersecurity Analyst II will take the lead in the upkeep and maintenance of the SIEM environment and in ensuring that it is available and reliable. The Cybersecurity Analyst II will also be responsible for on-boarding new data sources into the SIEM, analyzing the data for anomalies and trends, and building dashboards highlighting key trends. The Cybersecurity Analyst II will be responsible for assisting the Chief Information Security Officer with activities such as investigations and litigation support.
The mission of DFPS is to protect children, the elderly, and people with disabilities from abuse, neglect, and exploitation by involving clients, families, and communities.
The Cybersecurity Analyst II is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective. They will assist in planning, developing, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is very large and complex, which allows you to combine your previous experience in similar environments with your analytical skills.
This position is classified as a full-time position (40 hours a week). This position is 100% telework within the state of Texas and requires that the candidate maintain personal wi-fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required. Travel to other Austin office(s) may be required. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment.
Essential Job Functions:
Support and maintain the complete logging infrastructure, including, but not limited to, log storage, syslog and Windows Event Collector servers, cloud, and database connections with the DFPS SIEM platform.
On-board new data sources into the SIEM, analyze the data for anomalies and trends, and build dashboards highlighting key trends.
Analyzes and investigates security alerts and helps tune and improve notables.
Integrates SIEM with upstream data sources by automating data ingestion.
Manages large data sets including creating and organizing indexes.
Analyzes and improves SIEM platform and search query performance. Ensures logs are being ingested and parsed correctly.
Reviews and works with partner teams to tune SIEM outputs, including custom dashboards and security event notables.
Troubleshoot performance alerts from the SIEM infrastructure or the SIEM agents.
Assess existing security posture against industry best practices and control frameworks and propose solutions and improvements.
Provides guidance to internal agency partners (Information Technology Services) related to log management practices.
Mentor and/or support periodic Cybersecurity Analyst Training Workshops regarding how to use the SIEM, best practices, and new features/capabilities.
Participate in defining, implementing, and maintaining agency security policies and procedures, and develop operational documentation and processes.
Works to safeguard the agency against malicious code, intrusion or unauthorized access, denial-of-service attacks, and attacks by malicious actors.
Researches emerging technologies and participates in evaluating technologies that align with business goals, reduce costs, and improve reliability, scalability, and security.
Must be willing to work within other programs outside of the SIEM.
Champions information security amongst DFPS partners, sharing and promoting security awareness and safe operating procedures.
Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives.
Researches and remains up to date with emerging threats and solutions relevant to cybersecurity and its implementations.
Maintains current knowledge of industry trends and standards in information security.
Responsible for continued personal growth in the areas of technology, business knowledge, and DFPS policies and platforms.
Serve as a member of the DFPS Information Security Incident Response Team as needed.
Perform analysis of security systems, media, and logs, and respond to incidents as appropriate, using forensic analysis tools.
Knowledge, Skills, and Abilities:
Strong working knowledge of the SIEM Platform and understanding of all SIEM backend components like Universal Forwarders, Heavy Forwarders, Index Clusters and Search Head Clusters.
Proficient at data on-boarding activities including routing, parsing, and normalizing events to the SIEM Common Information Model (CIM).
Expertise performing SIEM systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting.
Experience working with scripting language such as Python or PowerShell.
Strong knowledge and understanding of network infrastructure components such as routers, switches, and firewalls.
Working knowledge and understanding of networking and switching protocols and infrastructure services; able to troubleshoot and identify DNS, NTP, routing, switching, and firewall issues affecting connectivity of SIEM instances.
Ability to troubleshoot performance issues, as well as installation and SIEM upgrades.
Experience developing SIEM dashboards, reports, alerts, and visualizations, and optimizing searches.
Enjoys looking for and building efficiencies into the team; strong consensus-building, multi-tasking, interpersonal, and analytical skills.
Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
Registration or Licensure Requirements:
Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, network engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Work experience may be substituted for education on a year-for-year basis.
3 years of related experience including SIEM Administration.
Industry recognized certification related to cybersecurity (SANS, ISACA, ISC², CompTIA, etc.) is a plus but not required. The ability to complete certification within one (1) year is required.
Certified Splunk Administrator, Certified Splunk Architect, or other Splunk certifications are highly preferred.
Initial Selection Criteria:
Graduation from an accredited four-year college or university; experience may be substituted for education on a year-for-year basis.
3 years of hands-on experience administering, maintaining, and scaling SIEM instances.
Note: You must meet the minimum initial screening criteria to be considered. You should not apply if your submittal documents do not clearly reflect experience meeting the initial screening criteria.
MOS Code:
0681, 2653, 8055, CYB12, 0673
As a state agency, DFPS is required by the Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. Staff must be familiar with WCAG 2.1 AA and Section 508 to create accessible content, including but not limited to Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files.
HHS agencies use E-Verify. You must bring your I-9 documentation with you on your first day of work.
In compliance with the Americans with Disabilities Act (ADA), HHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.