Cybersecurity Analyst IV (Senior Digital Forensics Analyst)

Position Title:

Cybersecurity Analyst IV (Senior Digital Forensics Analyst)

Class/Group:

0322 / B29

Military Occupation Specialty Code:

Army 17C, 25B, 25D, 170A; Coast Guard CYB10, CYB11, CYB12, CYB13; Air Force 1D7X1; Space Force 5C0X1D

Fair Labor Standards Act Status:

Exempt

Number of Vacancies:

1

Division/Section:

Office of the Chief Information Security Officer - Security Operations / CIRT

Salary Range:

$8750.00 - $9166.67 / monthly

Duration:

Regular

Hours Worked Weekly:

40

Travel:

Occasional

Work Location:

300 W. 15th Street, #1300 / Austin, Texas 78701

Web site:

https://dir.texas.gov/

Refer Inquiries to:

People and Culture Office

Telephone:

(512) 463-5920 or (512) 475-4957

How To Apply:

• Select the link below to search for this position:  https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en
• Enter the job posting number “00050395" in the keyword search.

• You must create a CAPPS Career Section candidate profile or be logged in to apply.

• Update your profile and apply for the job by navigating through the pages and steps.

• Once ready, select “Submit” on the “Review and Submit” page.

• If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

Special Instructions:

• Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.

• Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Interview Place/Time:

Candidates will be notified for appointments as determined by the selection committee.

Selective Service Registration:

Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.

H-1B Visa Sponsorship:

We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Equal Opportunity Employer

The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability.  Please call 512-475-4922 to request reasonable accommodation.

What We Do

We are a technology agency powered by people.

DIR offers secure, modern, and cost-effective technology to help government entities in Texas serve their constituents.

DIR is a fast-paced and collaborative environment with highly motivated, innovative, and engaged employees dedicated to achieving the best value for the state. We have over 250 professionals working at DIR who are honored to serve as the cornerstone of public sector technology in Texas. By joining DIR, you will be an integral part of transforming how technology serves Texans.

Position Summary

A role within the Office of the State Chief Information Security Officer (OCISO) that combines progressive incident response program development, works with many diverse organizations, plans for, and responds to Cyber events, and reviews and communicates threats and vulnerabilities to a wide range of stakeholders. 

This role performs advanced (senior-level) cyber security analysis functions that include planning, implementing, and monitoring CIRT program elements and services that support government organizations throughout the state of Texas in the protection of information resources and government and citizen protected data. Will assist in the State’s efforts to develop, expand, and deliver cybersecurity incident response services, standards, analysis, and guidance. Will guide or assist the Security Operations/CIRT members with the tools and resources required for interactions with state agencies, institutions of higher education, local governmental officials, and other interagency personnel to engage and deliver incident response services, preparedness information, and program delivery of the Cybersecurity Incident Response Team.  Will work with the rest of the OCISO team to collaboratively identify and deliver statewide security program improvements and continuously improve the security posture of the State of Texas as a whole. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment. May, at times, assign and/or oversee the work of others.

• Serves as a Senior CIRT Forensics Analyst for the department, providing support, guidance and training to other team members. Forensically analyzes end user systems and servers found to have possible indicators of compromise. Conducts Analysis of artifacts collected during a security incident/forensic analysis and determines how systems were compromised. Provides analysis and findings in investigative matters and develops fact-based reports for DIR and its customers.
• Provides threat intelligence and CIRT program management to support the overall security posture of the state of Texas, including its agencies, institutions of higher education, cities, counties, school districts, special districts, and other qualified governmental entities. Develops, maintains, or supports a threat intelligence capability to identify current and emerging security risks to the state of Texas.
• Develops  content for cybersecurity incident response exercises with state agencies and higher education institutions, Regional Security Operations Centers, local jurisdictions, and other eligible customers. 
• Coordinates with internal staff to establish and maintain situational awareness of current and emerging risks and threats to the state.
• Uses open source and commercial intelligence providers to gain insight into adversary tactics, techniques, and procedures, as well as planned activities and emerging motivations. 
• Identifies security incidents through ‘Hunting’ operations within a SIEM and other relevant tools. Interfaces and connects with system owners and custodians, and IT contacts to pursue security incident response activities, including obtaining access to systems, digital artifact collection, and containment and/or remediation activities. Provide consultation and assessment on perceived security threats affecting the State of Texas.
• Advises the Department leadership and state cybersecurity community of significant emerging threats and provide both strategic and tactical steps to counteract these threats. Researches, identifies, evaluates, and recommends systems and procedures in the field of Cybersecurity.
• Performs other work-related duties as assigned.

Education

• Graduation from a four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems or related field.
• Additional work-related experience may be substituted for education on a year-for-year basis (High-school diploma required.

Experience and Training Required

• Five (5) years of progressively responsible experience in the IT industry.
• Five (5) years of progressively responsible experience in cyber security or IT project management work.
• Two (2) years of experience in responding to cyber security incidents.

Experience and Training Preferred

• Experience and training in analyzing, recommending, developing, and implementing cogent enterprise-wide policies, standards, and guidelines.
• Experience working with state or federal IT regulatory issues and processes.
• Experience in researching and documenting findings on information technology issues, processes, or programs.
• Have or work towards obtaining Certified Ethical Hacker (CEH) GAIC Certified Incident Handler (GCIH), GCFE Certified Forensic Examiner (GAIC ), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), and/or CyberSec First Responder (CFR) or similar certification, or serve as a SME on a certification creation committee or equivalent

Knowledge, Skills, and Abilities

• Knowledge of applied “sound security” concepts, such as the principal of least privilege, the use of multi-factor authentication and identity and access management.
• Broad understanding of the cybersecurity landscape including identity management, access management, access governance, and privileged access management capabilities and methodologies
• Knowledge of generally accepted information technology standards and practices; of information technology practices; and of information technology management practices.
• Knowledge of the security limitations and capabilities of computer systems and of information security practices, procedures, and regulations
• Knowledge of security architecture and security program requirements
• Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code § 202, and other related security codes, documentation, standards, and best practices
• Knowledge of ITIL processes and standards
• Knowledge of standard concepts, practices, and procedures for computer operations and data center operations
• Knowledge of benchmarking activities and expectations
• Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
• Ability to promote and support the overall mission, goals, and efforts Office of the CISO and Statewide Security Program.
• Ability to learn and adapt quickly in a dynamic environment.
• Ability to manage projects to resolve complex issues in diverse and decentralized environments.
• Ability to assist executives, through discussion and facilitation, in the process of evaluating and implementing security architecture and policies.
• Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers.
• Ability to understand, follow and convey brief oral and/or written instructions.
• Ability to communicate both verbally and in writing, in a clear and concise manner.
• Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment.
• Ability to work under pressure and exacting schedules to complete assigned tasks.
• Ability to work occasional overtime and/or a flexible schedule to meet required deadlines.
• Ability to travel as necessary.
• Ability to comply with all agency policy and applicable laws.
• Ability to comply with all applicable safety rules, regulations, and standards.

Computer Skills

• Proficiency in the use of a computer and applicable software necessary to perform work assignments e.g., word processing, spreadsheets (Microsoft Office preferred), project management tools (Microsoft Project preferred).

Other Requirements

• Regular and punctual attendance at the workplace.
• Criminal background check.

Working Conditions

• Frequent use of computers, copiers, printers, and telephones.
• Frequent standing, walking, sitting, listening, and talking.
• Frequent work under stress, as a team member, and in direct contact with others.
• Occasional bending, stooping, lifting, and climbing.
• Occasional extended work hours as needed, to deliver incident response services to customers.
• Occasional, as needed travel within Texas deliver incident response services to customers.