Cybersecurity Analyst II
Oversees the IT cybersecurity operations, delivery, engineering, and architecture for the Enterprise. Provides guidance in strategic and tactical cybersecurity operations planning and implementation for the Health and Human Services Commission (HHSC) Information Security Office and the Enterprise Information Security Office. Protects the confidentiality, integrity and availability of the Enterprise IT infrastructure in compliance with all applicable laws, security best practices and internal policies. Ensures that an effective framework of security controls is implemented and maintained. Key cybersecurity services include incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment. Operates a Cybersecurity Operations Center (CSOC), responds to CSOC notifications and works to resolve them. Analyzes complex log data provided by various sources to pinpoint issues and guide them to resolution. Monitors information systems for alarms and conditions to prevent, detect, and manage cyber-attacks and other IT security incidents. Follows processes and procedures based on information security management and computer security incident management guidelines. Employs tools such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems; application and database scanners; intrusion detection systems (IDS); and log management systems and security information and event management (SIEM). Assists in the analysis of collected information. Performs vulnerability testing on computer systems. Undertakes complex project work resulting from CSOC incidents to troubleshoot root cause and execute solutions with other IT teams (network, desktop, systems, etc.). Researches, evaluates, recommends, configures and administers hardware, software, and system security and develops/maintains technical documentation and procedures.
Trains and provides guidance to less experienced staff. Performs work under general or limited supervision of the Cybersecurity Officer. Works both independently and within a team environment.

Essential Job Functions:
* Responsible for the research, technical analysis, recommendation, configuration, and administration of systems and procedures to ensure the protection of information processed, stored or transmitted. Develops and publishes cybersecurity policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements. Conducts security research to keep abreast of the latest security issues. Interacts with customers to understand their cybersecurity needs and assists in the development and implementation of procedures to accommodate them. Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems. Evaluates network and system security configuration for best practices and risk-based access controls. Assesses established security policy criteria against actual operational functions to ensure the success criteria of data security controls and processes are met. Develops repeatable reporting metrics and data presentations from numerous security toolsets, including but not limited to security information and event management (SIEM) logs, packet capture analysis, Web Proxy Security Management Appliance (SMA) and network performance monitoring systems, that detail network data usage, access, and statistical reporting capabilities. Designs, tests and practices breach management response. Conducts threat modeling and develops best practices and procedures to proactively identify threat vectors and anomalies in large volumes of data. (30%)
* Provides security design, consultation, and technology governance oversight for various projects and initiatives. Protects websites and networks from cyber threats, such as malware, denial-of-service attacks and viruses. Reviews, enforces or corrects violations of cybersecurity policies, procedures, standards and guidelines to help prevent future occurrences. Regulates access to computer files, develops firewalls, performs risk assessments and tests data processing systems to verify security measures. Collaborates with IT management, the legal and privacy departments, and law enforcement agencies to manage security vulnerabilities. Provides direction and guidance in strategic and tactical cybersecurity operations planning and implementation for 1) the HHSC Information Security Office and 2) the Enterprise Information Security Office. Monitors and maintains cybersecurity infrastructure, policies and procedures to protect information systems from unauthorized use. Develops incident response and discovery workflows to shorten breach detection timeframes. Oversees breach management processes and policies, information controls, secure communications, information rights, data classification and post-breach remediation and security. Leads the establishment and implementation of the CSOC strategic plan to mitigate risks while complying with legal, statutory, contractual, and internally developed requirements. Serves as the technical liaison between the cybersecurity operations function, the other Information Technology departments and agency business units. Leads and participates in cybersecurity special investigations, internal audits, research studies, forecasts, and modeling exercises to provide direction and guidance. Researches and analyzes cybersecurity and privacy legislation, regulations, advisories, alerts and vulnerabilities. Prioritizes and responds to cybersecurity incidents. (20%)
* Undertakes complex cybersecurity projects requiring specialized technical knowledge. Coordinates and executes security projects for the agency. Performs vulnerability scans of networks and applications to assess effectiveness and identify weaknesses. Writes computer system exploits, including fuzzing, heap spraying, SEH overwrites, and ROP chaining, and scripts in Python, PowerShell, Perl, Ruby, bash, or equivalent. Performs post-exploitation actions on compromised systems, including exfiltration, credential dumping, and persistence. Executes appropriate mitigation strategies for identified threats. Reviews, develops, and delivers cybersecurity awareness training and promotes security awareness to ensure system security. Responds to data breaches and viruses and provides guidance on them. Collaborates with end users and others to resolve data breaches and viruses. Coordinates activities with users across the enterprise to monitor the transfer and modification of data files and to incorporate new security software and virus protection systems. Identifies and corrects functional areas leading to data loss risk through the incorporation of security toolsets and processes, and introduces additional access controls that change individual access capabilities to sensitive data services. (20%)
* Performs complex security analysis of existing systems for compliance with security requirements. Reviews computer logs and messages to identify and report possible violations of security. Coordinates responses to information security incidents and cyber investigations including computer forensics, network forensics, root cause analysis and malware analysis. Resolves complex security issues in diverse and decentralized environments. Plans, develops, monitors, and maintains cybersecurity and information technology security processes and controls. Advises on cybersecurity issues in HHS's systems and workflows to ensure that agency security controls are appropriate and operating as intended. Writes security status reports to provide system status, report potential and actual security violations and provide procedural recommendations. Manages the CSOC processes and technologies to provide awareness through the detection, containment, and remediation of cybersecurity threats. Manages the CSOC to ensure incidents are properly identified, analyzed, communicated, actioned and defended, investigated and reported. Monitors applications to identify a possible cyber-attack or intrusion (event) and determines whether it is a real, malicious threat (incident), and whether it could have a business impact. Develops a state-of-the-art situational watch room, combining analyst, management, and executive-level dashboards, giving the agency real-time business security intelligence. Maintains comprehensive web activity monitoring and selective site blocking based upon customer requirements. (20%)
* Provides leadership to other cybersecurity analysts in the performance of their duties. Develops staff for operational tasks. Provides recommendations for tactical improvements. Uses delegated authority to assign operational tasks and assignments. Reviews regulatory requirements and provides industry standards and technical best practices to staff as appropriate. Maintains technical proficiency with Security Operations Center tools and their use by security staff. Monitors and provides feedback on whether established goals and objectives for the CSOC team are aligned with the goals of the enterprise. Evaluates and recommends procurement of security technologies. Identifies trends and opportunities to improve CSOC processes for the agency and the enterprise. Provides guidance for CSOC work orders and tickets. Anticipates organizational impacts and develops procedures for introducing new cybersecurity technologies. Identifies and evaluates new cybersecurity technologies to remediate vulnerabilities and participates in the procurement of technology solutions. (5%)
* Other duties as assigned. (Note: For DSHS positions this includes but is not limited to actively participating and/or serving in a supporting role to meet the agency's obligations for disaster response and/or recovery or Continuity of Operations (COOP) activation. Such participation may require an alternate shift pattern assignment and/or location.) (5%)

Knowledge, Skills, Abilities:
An understanding of enterprise level IDS/IPS systems, firewalls, event logging and other security solutions and tools.
Knowledge and understanding of Texas state government and its information systems.
Knowledge in technical proficiency surrounding CSOC tools and their use by the cybersecurity staff.
Knowledge of IT infrastructure designs, technologies, products, and services; networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases, encryption, load balancing, and other technologies.
Knowledge of laws, rules, and regulations relevant to information technology in Texas.
Knowledge across all network layers and computer platforms; of the operational support of networking, operating systems, Internet technologies, databases, and security application support; and of information security practices, procedures, and regulations.
Knowledge of TCP/IP networking: networking topology, protocols and services.
Knowledge of Microsoft software applications and other software applications.
Knowledge using log aggregation tools and log analysis techniques.
Knowledge of data privacy laws and the associated security requirements.
Knowledgeable in new security technologies and maintains an understanding of operation and defense as it
Skilled and proficient in network analysis protocols to include netflow, logging protocols and methodologies, packet capture and TCP/IP stack operations.
Skill in configuring, deploying, and monitoring security infrastructure.
Skill in planning, organizing, assigning, and overseeing the work of others, tracking progress, and taking corrective action to meet deadlines.
Skilled in computer and network forensics (ability to provide computer forensic support to highly technical investigations).
Skilled in network intrusion detection.
Skilled in vulnerability assessment/penetration tests.
Ability to help establish unit goals, objectives, and strategies.
Ability to analyze work related problems, draw evidence-based conclusions, and devise innovative solutions.
Ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies.
In-depth understanding of Public Key Infrastructure (PKI), encryption, and network security control tools and their functionality.
Ability to develop, research, maintain tools/techniques/trends in computer and network vulnerabilities, data hiding and encryption.
Ability to analyze and understand "attacker" methodologies and tactics.
Understanding of Advanced Persistent Threat groups and hacker activity.
Understanding of internal and external audit processes.
Ability to create specific mitigation tactics.
Ability to perform malicious code reverse engineering.
Ability to utilize common sandbox technology to perform dynamic malware analysis.
Familiarity with security best practice standards such as ISO 27001, NIST SP 800-53 and SP 800-61, FIPS, ITIL and COBIT.
Excellent verbal and written communication skills, with emphasis on the ability to communicate with IT staff, managers and users regarding information security matters.
Agile learner, able to research and implement new technologies or solutions.

Registration or Licensure Requirements:
Experience in cybersecurity analysis, information security analysis, or digital forensics. Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or similar certifications preferred. A clear criminal background check is required for this position.

Initial Selection Criteria:
Prior experience in one or a combination of the following areas:
* IT / Security Incident Operations
* Vulnerability Management and Penetration Testing
* IT / Security / Network Hardware, Software engineering and management

Additional Information:
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include: 25B, IT, OS, 0681, 3D0X2. For more information see the Texas State Auditor's Military Crosswalk at: http://www.hr.sao.state.tx.us/Compensation/JobDescriptions.aspx.

MOS Code:
25B, IT, OS, 0681, 3D0X2
HHS agencies use E-Verify. You must bring your I-9 documentation with you on your first day of work.
In compliance with the Americans with Disabilities Act (ADA), HHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.