OAG - Child Support | Cybersecurity Analyst I|26-0276

The Mission of the Office of the Attorney General
•    The Office of Attorney General champions liberty and justice for Texas.
The Values of the Office of the Attorney General
•    The Office of Attorney General is committed to performing its duties with excellence, serving Texas with humility and integrity, and exploring innovative solutions in accomplishing the work of the agency.

Are you dedicated to safeguarding your organization's data and privacy? Imagine extending that commitment to protecting the citizens of Texas. The role of Cybersecurity Analyst within the Texas Attorney General’s Enterprise Information Security Team presents a thrilling opportunity amidst our ongoing digital evolution. Join us in advancing cutting-edge products and services while ensuring the state receives top-notch security measures.

Our Enterprise Information Security Team is dedicated to delivering premium security services to the agency, leveraging talent and innovative technologies to better serve Texans. We seek a dynamic security professional to serve as a Cybersecurity Analyst within the Cyber Threat Intelligence Team. This pivotal role involves implementing risk management programs, conducting assessments, and ensuring security compliance. You'll craft security standards and business continuity plans, oversee contract reviews, and conduct system audits and risk analyses. You may rely on direction from others to solve problems that are not standard. You may also assist other staff in performing work of greater complexity.

Join us in safeguarding Texas and shaping the future of cybersecurity governance.

OAG employees enjoy excellent benefits (https://ers.texas.gov/Benefits-at-a-Glance) along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.
 

Safeguard Agency Data: Support the development and maintenance of security strategies by assisting with the design and evaluation of security applications and infrastructure. Contribute to the creation and review of information security policies, standards, and risk management practices. Provide input on security plans, including data encryption and firewall configurations, and help define information security requirements to strengthen agency protocols.
Proactive Risk Management: Assist in gathering data for risk assessments and support reviews of system security posture. Monitor systems using automated tools to identify potential vulnerabilities and escalate findings as needed. Provide input during discussions with risk management representatives and help document observations. Participate in incident detection and preliminary analysis by following established procedures. Contribute to business impact analysis activities by supplying relevant information and maintaining accurate records.
Maintain Data Security: Assist with monitoring access controls to help prevent unauthorized data changes. Support reviews of security procedures and document findings related to potential breaches. Help gather information for compliance checks and gap assessments under guidance from senior staff. Review files and reports for accuracy and escalate compliance concerns as needed. Contribute to maintaining adherence to legal and regulatory standards by providing timely documentation and observations.
Drive Security Innovation: Assist in coordinating security awareness activities and help distribute educational materials to staff. Support senior team members in preparing training sessions and maintain records of participation. Stay informed on current security trends and regulatory requirements to provide accurate information when needed. Contribute ideas for improving awareness programs under guidance from experienced staff.
Performs cybersecurity incident detection, analysis, and prevention.
Performs forensic analysis of information systems and portable devices and forensic recovery of data using assessment tools.
Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems.
Performs related work as assigned
Maintains relevant knowledge necessary to perform essential job functions
Attends work regularly in compliance with agreed-upon work schedule. Telework schedules are permitted for employees based on the agency’s approved Telework Plan (if schedule does not adversely affect operations and service levels, and standard hours of operation are maintained).
Ensures security and confidentiality of sensitive and/or protected information
Complies with all agency policies and procedures, including those pertaining to ethics and integrity
 

Education: Graduation from high school or equivalent
Experience: Six years of full-time experience in information technology security, computer information systems, computer science, management information systems, systems analysis, business administration, project management or a related field; may substitute credit hours from an accredited college or university for the required experience on a year-for-year basis. 
Experience with information security, cyber security, and privacy issues and awareness of regulated data environments.
Experience with technical risk assessments and reviews of account permissions, computer data access needs, security violations, programming changes, and new and existing applications and systems, including data center physical security and environment.
Experience with cybersecurity incident detection, analysis, and prevention.
Knowledge of fundamental information security concepts and technology.
Knowledge of vulnerability scanning of networks and applications to assess effectiveness and identify weaknesses.
Skill in the use of applicable software; and in configuring, monitoring, and automating security applications and infrastructure.
Skill in handling multiple tasks, prioritizing, and meeting deadlines
Skill in effective oral and written communication
Skill in exercising sound judgment and effective decision making
Ability to obtain and maintain approved baseline certification for the position (i.e., Security+)
Ability to gather, assemble, correlate, and analyze facts; to devise solutions to problems; to market the security program; to prepare reports; to develop, evaluate, and interpret policies and procedures; to communicate effectively; and to provide guidance to others
Ability to analyze program area functions and operations, identify areas needing change, and develop plans to improve programs or to address areas of concern
Ability to operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates
Ability to receive and respond positively to constructive feedback
Ability to work cooperatively with others in a professional office environment
Ability to provide excellent customer service
Ability to arrange for personal transportation for business-related travel
Ability to work more than 40 hours as needed and in compliance with the FLSA
Ability to lift and relocate 10 lbs.
Ability to travel (including overnight travel) up to 5% 
PREFERRED QUALIFICATIONS
Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies, and intrusion prevention, etc.)
Experience reviewing third-party contracts for cyber and information security compliance
Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, MetricStream, Galvanize, RSA Archer, etc.).
Experience conducting and managing audits and assessments
Skill or experience in creating security documentation, system security plans, risk assessments, and conducting security awareness training and providing guidance to staff in the development and integration of new or revised methods and procedures
Skill in identifying measures or indicators of program performance and in the use of a computer and applicable software
Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as HITRUST, HIPAA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA, IRS Safeguards Program, CJIS, TAC202, etc.
Skills: Project/Program Management, Auditor/Assessor
Preferred Certifications: CISSP, CISM, CRISC, PMP, CAPM, CISA, Security+

To apply for a job with the OAG, electronic applications can be submitted through CAPPS Recruit. A State of Texas application must be completed to be considered, and paper applications are not accepted. Your application for this position may subject you to a criminal background check pursuant to the Texas Government Code. Military Crosswalk information can be accessed at
https://hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf

THE OAG IS AN EQUAL OPPORTUNITY EMPLOYER