Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.
Functional Title: Cybersecurity Analyst II
Job Title: Cybersecurity Analyst II
Agency: Health & Human Services Comm
Department: CHIEF INFO SECURITY OFFICE
Posting Number: 14552
Closing Date: 06/04/2026
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Range: $5,797.66 - $8,817.75
Pay Frequency: Monthly
Salary Group: TEXAS-B-25
Shift: Day
Additional Shift: Days (First)
Telework:
Travel:
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 701 W 51ST ST
Other Locations:
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A,170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D,26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT,CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS
Brief Job Description:
This position is open to permanent residents or US citizens only.
The Cybersecurity Analyst II performs advanced information security analysis with a focus on cloud security, web application protection, and governance, risk, and compliance activities. The position supports both on‑premises and cloud environments by evaluating, implementing, and monitoring security controls to prevent unauthorized access, modification, or disclosure of information resources.
The analyst conducts security assessments and risk-based needs assessments across assigned systems. Responsibilities include assisting with the development of System Security Plans (SSPs), documenting vulnerabilities and corrective actions, analyzing administrative, technical, and operational controls, and preparing audit documentation, formal reports, and leadership‑level reporting.
The role also provides advisory services to business partners, offering guidance on secure architecture, secure application development practices, and cloud configuration requirements. The analyst maintains compliance and risk artifacts in a Governance, Risk, and Compliance (GRC) platform, supports Authorization to Operate (ATO) activities, and delivers targeted security training to agency stakeholders. Work is performed under limited supervision with significant latitude for independent judgment.
Essential Job Functions (EJFs):
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.
1. Security and Risk Management Services (30%)
- Provides security and risk management services by performing risk identification, assessment, and remediation, as well as regulatory and internal compliance monitoring; uses established standards and processes to adequately protect Health and Human Services (HHS) personnel, facilities, cloud infrastructure, information, and business operations.
- Performs cyclical and periodic technology risk assessments of cloud environments such as Microsoft Azure and Amazon Web Services (AWS) and on‑premises environments; reviews technology use within business initiatives; conducts web application security analysis, vulnerability analysis, and evaluates emerging threats.
- Facilitates risk assessment sessions with Information Owners and Custodians; identifies and documents threats, vulnerabilities, likelihood, impact, and mitigation strategies; records risks, exceptions, and Risk-Based Decisions in a GRC tool; validates vulnerability scan results, prioritizes findings, and tracks remediation.
2. System Security Planning (25%)
- Develops, updates, and maintains System Security Plans (SSPs) for systems and applications in alignment with applicable state and federal requirements.
- Collaborates with program teams, Information Owners, and Custodians to collect, validate, and document security control implementation evidence.
- Ensures System Security Plans align with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST Risk Management Framework (RMF), Department of Information Resources (DIR) standards, and agency CISO policies.
3. Security and Risk-Based Needs Assessments (25%)
- Plans and conducts security assessments to evaluate the effectiveness of administrative, technical, and operational security controls across assigned systems; reviews and analyzes supporting documentation and evidence.
- Documents assessment results, prepares formal reports, and tracks remediation and corrective actions such as Plans of Action and Milestones (POA&Ms) to completion.
- Performs risk-based needs assessments of automated systems to identify information security requirements; evaluates agency systems—including infrastructure, processes, and procedures—with a specific focus on cloud security posture management (CSPM) and web application vulnerabilities to discover compliance needs and gaps.
4. Provides Governance, Risk, and Compliance (GRC) Continuous Monitoring, Advisory, and Training Support (15%)
- Maintains security artifacts, risk records, POA&Ms, continuous monitoring evidence, and compliance documentation within a GRC tool such as RSA Archer; supports Authorization to Operate (ATO) activities and ongoing monitoring requirements to ensure systems remain compliant with regulatory and agency security standards.
- Prepares documentation, reporting packages, and audit responses for internal reviews, external audits, and leadership inquiries.
- Advises management and users regarding enterprise security program functions, including cloud security best practices and secure application development standards; provides targeted training to agency customers within assigned specific security domains.
5. Performs or leads other duties as assigned. (5%)
Knowledge, Skills, and Abilities (KSAs):
- Knowledge of NIST SP 800-53 control families, NIST RMF steps, DIR security control standards, and agency CISO policies; skill in applying control requirements to systems and documenting implementation within SSPs.
- Knowledge of cloud security posture management (CSPM) concepts and tooling; ability to evaluate cloud configurations for misconfigurations and control gaps across Azure and AWS environments.
- Knowledge of enterprise Governance, Risk, and Compliance (GRC) platforms such as RSA Archer; skill in maintaining risk records, POA&Ms, exceptions, and continuous monitoring evidence.
- Skill in risk analysis and vulnerability management, including validation and prioritization of scan results and tracking remediation to closure.
- Skill in conducting security and risk-based needs assessments of automated systems and business initiatives; ability to analyze administrative, technical, and operational controls and supporting evidence.
- Ability to advise diverse stakeholders on secure architecture, secure application development standards, and cloud security best practices; ability to deliver focused security training.
- Ability to prepare audit documentation, assessment reports, Authorization to Operate (ATO) packages, and leadership reporting with clear, concise communication.
- Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.
Registrations, Licensure Requirements or Certifications:
Prefer one or more of the following certifications:
- CompTIA Security+
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Global Information Assurance Certification (GIAC) or similar security certifications.
Initial Screening Criteria:
Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another on a year-for-year basis.
At least 3 years of experience in information security analysis work.
Experience developing and implementing information technology (IT) security training and awareness programs, policy, standards, and/or procedures.
Experience with cloud security in Azure and/or AWS, including review of security configurations and assessment of web application security risks.
Additional Information:
Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.
Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.
This is an onsite position based in Austin, TX. Selected candidate must be willing to commute to the office on the required days.
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Active Duty, Military, Reservists, Guardsmen, and Veterans:
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information, please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.
ADA Accommodations:
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Pre-Employment Checks and Work Eligibility:
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.
HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work.
Telework Disclaimer:
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.
