
00056955
3/16/2026
3/31/2026
Cybersecurity Analyst III (Security Operations Analyst)
0321/B27
Army: 17C, 25D; Navy: IT; Coast Guard: CYB10, CYB11, CYB12; Marine Corps: 0681, 0605; Air Force: 1D7X1, 1N4X1; Space Force: 5C0X1D, 5C0X1N, 5C0X1S
Exempt
1
COO/Shared Technology Services Security
$8,333.34 - $10,000.00/month
Regular
40
Occasional
North / Austin, Texas 78758
People and Culture Office
(512) 475-4957
Candidates will be notified for appointments as determined by the selection committee.
Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.
We are unable to sponsor or take over sponsorship of an employment visa at this time.
The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-475-4922 to request reasonable accommodation.
We are a technology agency powered by people.
DIR offers secure, modern, and cost-effective technology to help government entities in Texas serve their constituents.
DIR is a fast-paced and collaborative environment with highly motivated, innovative, and engaged employees dedicated to achieving the best value for the state. We have over 325 professionals working at DIR who are honored to serve as the cornerstone of public sector technology in Texas. By joining DIR, you will be an integral part of transforming how Texas government serves Texans.
This position supports the Chief Operations Office (COO) at DIR and provides technical oversight and guidance for vendors delivering Managed Security Services (MSS) within the Shared Technology Services (STS) program. The role requires a strong technical understanding of networking, firewalls, and security telemetry to evaluate vendor performance, validate detection and response processes, and drive continuous improvement in service quality and security outcomes across endpoint and network monitoring capabilities (EDR/NDR), Security Information and Event Management (SIEM), and related security tooling. The role also provides technical security guidance to DIR’s Texas Private Cloud and Public Cloud Manager (PCM) vendors on securing compute resources, including Windows and Linux server infrastructure and cloud and SaaS services used to deliver customer workloads.
This Cybersecurity Analyst III (Security Operations Analyst) position performs highly complex (senior-level) cybersecurity analysis work involving operational security assurance, incident detection and response governance, threat assessment, and technical review of security tooling and processes. The position frequently engages vendor leadership, DIR stakeholders, and customers to ensure services are effective, measurable, and aligned with DIR standards and applicable requirements. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment, and may provide guidance to others.
· Provides technical oversight for STS Managed Security Services (MSS), ensuring vendor-delivered monitoring, detection, and response services meet DIR requirements and defined service objectives.
· Provides guidance and oversight to service component providers to establish and maintain monitoring and logging coverage across endpoints, networks, cloud environments, and SaaS services, including EDR/NDR telemetry, required audit logs, and integration with detection and response capabilities.
· Reviews and validates vendor operational processes and deliverables (runbooks, playbooks, tuning changes, coverage reports, incident reports, and metrics) for alignment with approved security practices and service expectations.
· Leads or supports technical service assurance activities, including gap assessments of detection coverage, alert fidelity, incident response workflow effectiveness, and reporting quality; identifies risks and drives corrective actions to closure.
· Provides technical guidance to Texas Private Cloud (TPC) and Public Cloud Manager (PCM) vendors on securing compute resources, including Windows and Linux server infrastructure, relevant management services, and cloud-hosted workloads.
· Defines and validates baseline security expectations and reviews security-impacting designs/changes for compute, cloud, and network services, including hardening, patching/vulnerability management, endpoint protection, privileged access, segmentation, firewall rules, encryption, backup/disaster recovery (DR) controls, and secure connectivity.
· Participates in an on-call rotation to provide incident escalation support and oversight, maintain situational awareness of emerging threats and vulnerabilities, and report vendor performance, risks, and trends to DIR leadership and stakeholders.
· Performs other work-related duties as assigned.
· Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field.
· Additional work-related experience may be substituted for education on a year-for-year basis (High-school diploma required).
· Five (5) years of progressively responsible experience in the IT industry.
· Three (3) years of progressively responsible experience in IT security analysis or IT security management.
· Experience in security policy or process development and implementation.
· Experience in implementing security platforms, processes, and tools.
· Experience with security tools and platforms such as endpoint detection and response (EDR), network detection and response (NDR), security information and event management (SIEM), intrusion detection systems/intrusion prevention systems (IDS/IPS), firewalls, vulnerability scanning, and cloud security services and controls.
· Experience detecting and assessing threats such as network and asset vulnerabilities and interpreting security telemetry from endpoint, network, and cloud sources.
· Experience operating an endpoint protection product.
· Experience operating and/or administering an endpoint protection or endpoint detection platform.
· Working knowledge of securing Windows and Linux server environments, including hardening concepts, privileged access practices, patching/vulnerability management expectations, and logging/monitoring requirements.
· Experience working with MDR/MSSP providers and conducting service reviews (SLAs/OLAs, KPIs/KRIs, root cause analysis, continual service improvement).
· Experience in security incident handling, investigation, and/or response, including interpreting endpoint and network telemetry to validate incident scope and vendor findings.
· Experience tuning detections and managing use cases across EDR, NDR, and SIEM platforms (rule lifecycle, suppression governance, false positive reduction).
· Experience with cloud platforms and SaaS security controls, including shared responsibility concepts, identity integration, audit logging, and security configuration reviews.
· Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), or equivalent certification.
· Experience in cybersecurity analysis or cybersecurity management in state government or other highly regulated environment.
· Experience working with state or federal IT regulatory issues and processes.
· Experience in hands-on support of heterogeneous enterprise-class networks (>20,000 devices).
· Experience operating next-generation endpoint detection and response platforms such as SentinelOne or CrowdStrike.
· Experience in a leadership or supervisory role.
· Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code §202, and related security codes, documentation, and best practices.
· Knowledge of ITIL processes and standards.
· Knowledge of standard concepts, practices, and procedures for cybersecurity operations or command centers and the incident response lifecycle (triage, containment, eradication, recovery).
· Strong technical understanding of TCP/IP networking fundamentals and how attacks and detections present across network layers, including firewall and IDS/IPS concepts, VPN/remote access, and network logging.
· Knowledge of the security limitations and capabilities of computer systems and of technology across network layers and computer platforms, including Windows and Unix/Linux operating systems.
· Knowledge of endpoint security concepts and the capabilities and limitations of EDR tooling, including response actions and containment methods.
· Knowledge of cloud and SaaS security fundamentals, including logging/auditing, identity and access controls, and shared responsibility considerations.
· Skill in evaluating and guiding configuration and monitoring of security infrastructure and telemetry sources.
· Ability to collect and analyze complex data, evaluate information and systems, draw logical conclusions, and develop appropriate recommendations to address exposures.
· Strong verbal and written communication skills, including the ability to adapt information delivery to the target audience and produce clear, actionable guidance for vendors and stakeholders.
· Ability to take ownership of workstreams and deliver results independently and collaboratively in a team environment.
· Ability to manage work across multiple stakeholders and priorities in diverse and decentralized environments.
· Skill in the use of applicable software and in the configuring, deploying, monitoring, and automating of security applications and infrastructure.
· Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls; and to communicate effectively.
· Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
· Ability to promote and support the mission, goals, and efforts of DIR and the statewide security program.
· Ability to learn and adapt quickly in a dynamic environment.
· Ability to manage programs and projects to resolve complex issues in diverse and decentralized environments.
· Ability to assist executives, through discussion and facilitation, in evaluating security architecture, policy choices, and risk tradeoffs.
· Ability to understand, follow and convey brief oral and/or written instructions.
· Ability to communicate both verbally and in writing, in a clear and concise manner.
· Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment.
· Ability to work under pressure and exacting schedules to complete assigned tasks.
· Ability to work a flexible schedule to meet required deadlines.
· Ability to comply with all agency policy and applicable laws.
· Ability to comply with all applicable safety rules, regulations, and standards.
· Ability to maintain the security and integrity of any critical infrastructure researched, worked on, or accessed for work purposes.
· Proficiency in using approved productivity and collaboration tools (Microsoft Office preferred) and authorized AI/LLM tools in accordance with DIR policies to support research, drafting, summarization, and workflow efficiency while protecting sensitive information.
· Regular and punctual attendance at the workplace.
· Criminal background check.
· Frequent use of computers, copiers, printers, and telephones.
· Frequent standing, walking, sitting, listening, and talking.
· Frequent work under stress, as a team member, and in direct contact with others.
· Occasional bending, stooping, lifting, and climbing.
· May occasionally work extended hours.