Cybersecurity Analyst III - Austin, United States - Texas Department of Aging & Disability Services

Description

Job Description:

As a Cybersecurity Analyst III at the Texas Department of Family and Protective Services (DFPS), you must have at least three years of relevant cybersecurity experience.

Your main duties will include researching, analyzing, recommending, configuring, and administering applications, systems, and procedures to ensure the protection of information processed, stored, or transmitted.

You will also be responsible for conducting "hands-on" computer forensics analysis for investigation and litigation support, analyzing systems and networks for security, and investigating security incidents as necessary.

The Cybersecurity Analyst III will work under the supervision of the Cybersecurity Operations Manager in our Security Operations Center (SOC).

The Cybersecurity Analyst III will develop and manage the DFPS Security Information and Event Management (SIEM) platform, as well as our Security Orchestration and Automation (SOAR) platform and Endpoint Detection and Response (EDR) tools.

The Cybersecurity Analyst III may act as a subject matter expert of the SOC environment for optimal design, engineering, and operation of the various platforms.

The Cybersecurity Analyst II will review and work with our partner teams to tune the SIEM outputs, including custom dashboards and security event notables.

The Cybersecurity Analyst III will monitor our applications and network to identify a possible cyber-attack or intrusion (event) and determines if it is a real, malicious threat (incident), and if it could have a business impact.

The Cybersecurity Analyst III will be working in our Security Operations Center (SOC) under the guidance of the Cybersecurity Operations Manager.

Their primary responsibility will be to develop and manage the DFPS Security Information and Event Management (SIEM) platform, as well as our Security Orchestration and Automation (SOAR) platform and Endpoint Detection and Response (EDR) tools.

Additionally, they may act as a subject matter expert of the SOC environment for optimal design, engineering, and operation of the various platforms.

The Cybersecurity Analyst III will collaborate with our partner teams to review and fine-tune the SIEM outputs, including custom dashboards and security event notables.

They will also be responsible for monitoring our applications and network to identify any possible cyber-attacks or intrusions (events) and determine if they pose a real, malicious threat (incident), and if they could have a business impact.

The Cybersecurity Analyst III will assist in the upkeep, maintenance, and ensuring that the SIEM and cybersecurity toolset is available and reliable.

The Cybersecurity Analyst III will also be responsible for onboarding new data sources into SIEM, analyzing the data for anomalies and trends, and building dashboards highlighting key trends.

The Cybersecurity Analyst III will assist the Chief Information Security Officer with activities such as investigations and litigation support.

The mission of DFPS is to protect children, the elderly, and people with disabilities from abuse, neglect, and exploitation by involving clients, families, and communities.

The Cybersecurity Analyst III is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective.

They will assist in planning, developing, monitoring, and maintaining cybersecurity and information technology security processes and controls.

The DFPS cybersecurity environment is very large and complex, allowing you to combine your previous experience in similar environments with your analytical skills.

This position is classified as a full-time position (40 hours a week).

It is % telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties.

Work outside of regular hours may be required, and travel to other Austin offices(s) may be required. The candidate works under limited supervision, with considerable latitude for initiative and independent judgment.

Essential Job Functions:

• Support and maintain complete logging infrastructure including, but not limited to, log storage, syslog, and Windows Event Collector servers, cloud, and database connections with the DFPS SIEM platform.
• On-board new data sources into the SIEM, analyze the data for anomalies and trends and build dashboards highlighting key trends.
• Analyzes and investigates security alerts and helps tune and improve notables.
• Integrates SIEM with upstream data sources by automating data ingestion.
• Manages large data sets, including creating and organizing indexes.
• Analyzes and improves SIEM platform and search query performance. Ensure logs are being ingested and parsed correctly.
• Reviews and works with partner teams to tune SIEM outputs, including custom dashboards and security event notables.
• Perform regular vulnerability assessments and lead penetration testing initiatives.
• Develop and implement comprehensive incident response protocols; manage incidents from detection through resolution.
• Conduct advanced analysis of EDR (Endpoint Detection and Response) outputs and respond to alerts.
• Assess security posture against industry best practices and control frameworks and propose solutions and improvements.
• Guides internal agency partners (Information Technology Services) on log management and cybersecurity practices.
• Mentor and/or support periodic Cybersecurity Analyst Training Workshops regarding using the SIEM, best practices, and new features/capabilities.
• Participate in defining, implementing, and maintaining agency security policies and procedures and develop operational documentation and processes.
• Works to safeguard the agency against malicious code, intrusion or unauthorized access, denial-of-service attacks, and attacks by malicious actors.
• Research emerging technologies and participate in evaluating technologies that align with business goals, reduce costs, and improve reliability, scalability, and security.
• Champions information security amongst DFPS partners, sharing and promoting security awareness and safe operating procedures.
• Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives.
• Researches and remains current with emerging threats and solutions relevant to cyber security and its implementations.
• Maintains current knowledge of industry trends and standards in information security.
• Accountable for continued personal growth in technology, business knowledge, and DFPS policies and platforms.
• Serve as a DFPS Information Security Incident Response Team member as needed.
• Using forensic analysis tools, analyze security systems, media, and logs and respond to incidents as appropriate

Knowledge Skills Abilities:

• Solid working knowledge of SIEM Platform and understanding of all SIEM backend components, such as Universal Forwarders, Heavy Forwarders, Index Clusters, and Search Head Clusters.
• Capable of assessing security posture and proposing solutions and improvements against industry standards and frameworks.
• Expertise in performing security systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting.
• Experience working with scripting languages such as Python or PowerShell.
• Strong knowledge and understanding of network infrastructure components such as routers, switches, and firewalls.
• Working knowledge and understanding of networking and switching protocols and infrastructure services able to troubleshoot and identify DNS, NTP, routing, switching, and firewall issues affecting connectivity of security tools.
• Strong knowledge of incident response life cycle and steps.
• Experience analyzing network and host-based security events.
• Candidates must be adept at detailed reporting of incidents, threats, and false positives.
• Candidates must show a commitment to continuous learning and stay updated with cybersecurity trends.
• Enjoys looking for and building efficiencies in the team, strong consensus building, multi-tasking, interpersonal, and analytical skills.
• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.