Job Description

JOB DESCRIPTION:

Performs moderately complex (journey-level) cybersecurity and information security analysis work for the Office of the Texas Secretary of State's Information Security section. This role blends security operations with governance, risk, and compliance (GRC) responsibilities including vulnerability assessments, policy and standards support, incident detection and response, risk analysis, cyber intelligence, and compliance with state and federal regulatory requirements. May also assist other staff in performing work of greater complexity. Works under general supervision, with moderate latitude for the use of initiative and independent judgment.

Examples of Work Performed
• Monitor networks, systems, endpoints, and threat-intelligence sources to identify unauthorized activity, emerging threats, and potential security incidents.
• Perform as vulnerability assessments, penetration testing, access-control reviews, and security configuration assessments to proactively reduce risk.
• Develop, implement, and maintain cybersecurity policies, standards, and incident-response procedures in alignment with NIST, CJIS, SOS, and other applicable regulatory frameworks.
• Manage and enhance the security posture of the organization through secure system configurations, encryption practices, MFA oversight, and administration of key security tools including logging platforms, endpoint protection, and Microsoft 365 security features.
• Lead or support incident response activities, including investigation, root-cause analysis, containment, remediation coordination, and post-incident documentation.
• Collaborate with internal teams, external vendors, and partner agencies to ensure secure architectures, data-protection practices, and compliance with SLAs, SOWs, and industry best practices.
• Contribute to disaster-recovery and business-continuity planning, and support agency-wide security initiatives, user-training efforts, and awareness programs.
• Prepare clear, actionable reports, dashboards, and briefings to communicate risks, threats, and compliance status to leadership and stakeholders.
• Promote a positive, professional work environment and support team collaboration.
• Adhere to all SOS personnel policies and maintain regular, dependable attendance.
• May require occasional after-hours work.
• Attends work regularly and observes approved work hours in accordance with agency state employee policies and procedures handbook.
• Perform other duties as assigned.

Knowledge, Skills and Abilities
• Knowledge of the limitations and capabilities of computer systems; technology across all mainstream operating systems, and application platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications; and cybersecurity, information security, and privacy laws and regulations; incident response principles, process and documentation; and cybersecurity and information security controls, practices, procedures, and regulations.
• Skill in the use of computers and application software and the configuring deploying, monitoring, and automating of security applications and infrastructure.
• Skills in instructing others, in facilitating workshops, and in the use of a computer and applicable software.
• Strong verbal and written communication skills.
• Strong analysis, problem-solving and decision-making skills.
• Excellent computer skills in Microsoft Office applications.
• Ability to resolve complex security issues in diverse and decentralized environments.
• Ability to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls.
• Ability to learn new information and security technologies.
• Ability to provide technical assistance or guidance to peers and external clients.
• Ability to handle difficult situations and to identify and solve problems.
• Ability to multitask, prioritize, remain focused, and be flexible to changes.
• Ability to maintain a professional demeanor in interaction with others.
• Ability to adhere to approved work schedule and maintain attendance and punctuality.
• Ability to work overtime and extended hours on projects.
• Ability to develop, plan, and implement short- and long-range goals.
• Highly organized; ability to manage multiple projects simultaneously and meet deadlines.
• Ability to engage in a collaborative, results-oriented team environment.
• A desire to self-reflect, give/receive feedback and continuously improve.

• Ability to lift and carry boxes weighing up to thirty (30) pounds.

This job description reflects management's assignment of essential functions and position responsibilities. Nothing in this job description restricts management's rights to assign or reassign duties and responsibilities to this job at any time.

Qualifications:

REQUIRED QUALIFICATIONS:
• Graduation from a standard senior high school or equivalent.
• Four (4) years of full-time, paid working experience in information security, focusing on governance, risk, and compliance analysis.
• Experience using Microsoft 365 applications, including Outlook, Teams, Word, Excel, and PowerPoint.

PREFERRED QUALIFICATIONS:
• Graduation from an accredited four-year college or university with major coursework in information technology security, information assurance, computer information systems, computer science, management information systems, or a related field.
• One or more of the following or equivalent industry recognized certifications: Certified Information Systems Security Professional (CISSP)®, Certified Information Systems Auditor (CISA), Certified in Governance, Risk, and Compliance (CGRC), Certified in Risk and Information Systems Controls (CRISC), Certified in Governance Risk and Compliance (CGRC), Certified Information Systems Manager (CISM), Certified Ethical Hacker (CEH), SANS Global Information Assurance Certification (GIAC), CompTIA Security +, or comparative security professional certification.
• Experience in conducting security assessments and/or audits of policies, standards, procedures, and technical environments within state and federal statutes, regulations, and standards relating to information security and computer crime.
• Experience in governance risk and compliance program implementation.
• Experience in development, review, and updating system security plans.
• Experience in Supply Chain Risk Management or 3rd-Party Vendor Risk Assessment programs.
• Experience in vulnerability management programs, or network security (IDS/IPS, Next Gen or Enterprise Firewalls).
• Experience in security operations.
• Experience in Information Privacy.

Information for Veterans, Reservists, or Guardsmen

The following MOS codes are generally applicable to this position: 15P, 36B, 42A, 56M, 68J,

88H, 88N, 89A, 89B, 92A, 92Y, AZ, LS, MC, PS, RP, SN, YN, 641X, 741X, 360, 018, 0100,

0111, 6046, 0102, 0170, 4430, 3A1X1, 8A200. Please include any of these codes in the State of

Texas application to better determine whether the minimum qualifications for this posting have

been met.