Cybersecurity Analyst II
The Texas Department of Family and Protective Services (DFPS) works to build on strengths of families and communities to keep children and vulnerable adults safe, so they thrive. We do this through investigations, services, and referrals.
What You Get Beyond Your Paycheck
When you join the State of Texas, your monthly paycheck is just one part of your real income. Our benefits provide extra value that many private employers simply don’t match—often adding hundreds of dollars each month to what you take home or save.
Here’s what you get as a full-time employee:
- 100% paid health insurance for you, and 50% paid for eligible family members—saving you hundreds every month in out-of-pocket medical costs
- Retirement plans with lifetime monthly payments after five years of state service, plus options to save even more with 401(k) and 457 plans
- Paid vacation, holidays, and sick leave so you can recharge and take care of life outside work (that’s time off you’re actually paid for)
- Optional dental, vision, and life insurance—at rates much lower than most private plans
- Flexible spending accounts for added tax savings on health and dependent care
- Employee discounts on things like gym memberships, electronics, and entertainment
You also might qualify for Public Service Loan Forgiveness, which could help you pay off federal student loans faster.
You can see all the details here: ERS recruitment brochure
Functional Title: Cybersecurity Analyst II
Job Title: Cybersecurity Analyst II
Agency: Dept of Family & Protectve Svc
Department: Chief Inf Security Office-Op
Posting Number: 12160
Closing Date: 12/30/2025
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Group: TEXAS-B-25
Salary Range: $5,797.66 - $9,508.25
Pay Frequency: Monthly
Shift: Day
Additional Shift: Days (First)
Telework: Eligible for Telework
Travel: Up to 5%
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 4900 N LAMAR BLVD
Other Locations:
MOS Codes: 0605, 0630, 0631, 0639, 0670, 0679, 0681, 1702, 1705, 1710, 1720, 1721, 1799, 2611, 2659, 8055, 8858, 14N, 14NX, 170A, 170B, 17A, 17B, 17C, 17C0, 17DX, 17S, 17SX, 17X, 181X, 182X, 183X, 184X, 1B4X1, 1D7X1, 1N4X1, 255A, 255N, 255S, 25B, 25D, 26A, 26B, 26Z, 514A, 5C0X1D, 5C0X1N, 5C0X1R, 5C0X1S, 5IX, 681X, 682X, 683X, 781X, 782X, 783X, 784X, CTI, CTM, CTR, CWT, CYB10, CYB11, CYB12, CYB13, CYB14, IS, ISM, ISS, IT, ITS
Job Description:
As a Cybersecurity Analyst II at the Texas Department of Family and Protective Services (DFPS), you must have at least three (3) years of relevant cybersecurity experience. Your main duties will include researching, analyzing, recommending, configuring, and administering applications, systems, and procedures to ensure the protection of information processed, stored, or transmitted. You will also be responsible for conducting "hands-on" computer forensics analysis for investigation and litigation support, analyzing systems and networks for security, and investigating security incidents as necessary.
The Cybersecurity Analyst II will work under the supervision of the Cybersecurity Operations Manager in our Security Operations Center (SOC). The Cybersecurity Analyst II will develop and manage the DFPS Security Information and Event Management (SIEM) platform, as well as our Security Orchestration and Automation (SOAR) platform and Endpoint Detection and Response (EDR) tools. The Cybersecurity Analyst II may act as a subject matter expert of the SOC environment for optimal design, engineering, and operation of the various platforms.
The Cybersecurity Analyst II will collaborate with our partner teams to review and fine-tune the SIEM outputs, including custom dashboards and security event notables. They will also be responsible for monitoring our applications and network to identify any possible cyber-attacks or intrusions (events) and determine if they pose a real, malicious threat (incident), and if they could have a business impact.
The Cybersecurity Analyst II will assist with upkeep and maintenance and help ensure that the SIEM and cybersecurity toolset are available and reliable. The Cybersecurity Analyst II will also be responsible for onboarding new data sources into the SIEM, analyzing the data for anomalies and trends, and building dashboards highlighting key trends. The Cybersecurity Analyst II will assist the Chief Information Security Officer with activities such as investigations and litigation support.
The mission of DFPS is to protect children, the elderly, and people with disabilities from abuse, neglect, and exploitation by involving clients, families, and communities.
The Cybersecurity Analyst II is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective. They will assist in planning, developing, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is very large and complex, allowing you to combine your previous experience in similar environments with your analytical skills.
This position is classified as a full-time position (40 hours a week). It is 100% telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required, and travel to other Austin office(s) may be required. The candidate works under limited supervision, with considerable latitude for initiative and independent judgment.
Essential Job Tasks:
- Support and maintain complete logging infrastructure including, but not limited to, log storage, syslog, and Windows Event Collector servers, cloud, and database connections with the DFPS SIEM platform.
- On-board new data sources into the SIEM, analyze the data for anomalies and trends and build dashboards highlighting key trends.
- Analyzes and investigates security alerts and helps tune and improve notables.
- Integrates SIEM with upstream data sources by automating data ingestion.
- Manages large data sets, including creating and organizing indexes.
- Analyzes and improves SIEM platform and search query performance. Ensure logs are being ingested and parsed correctly.
- Reviews and works with partner teams to tune SIEM outputs, including custom dashboards and security event notables.
- Perform regular vulnerability assessments and lead penetration testing initiatives.
- Develop and implement comprehensive incident response protocols; manage incidents from detection through resolution.
- Conduct advanced analysis of EDR (Endpoint Detection and Response) outputs and respond to alerts.
- Assess security posture against industry best practices and control frameworks and propose solutions and improvements.
- Guides internal agency partners (Information Technology Services) on log management and cybersecurity practices.
- Mentor and/or support periodic Cybersecurity Analyst Training Workshops regarding using the SIEM, best practices, and new features/capabilities.
- Participate in defining, implementing, and maintaining agency security policies and procedures and develop operational documentation and processes.
- Works to safeguard the agency against malicious code, intrusion or unauthorized access, denial-of-service attacks, and attacks by malicious actors.
- Research emerging technologies and participate in evaluating technologies that align with business goals, reduce costs, and improve reliability, scalability, and security.
- Champions information security amongst DFPS partners, sharing and promoting security awareness and safe operating procedures.
- Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives.
- Researches and remains current with emerging threats and solutions relevant to cyber security and its implementations.
- Maintains current knowledge of industry trends and standards in information security.
- Accountable for continued personal growth in technology, business knowledge, and DFPS policies and platforms.
- Serve as a DFPS Information Security Incident Response Team member as needed.
- Using forensic analysis tools, analyze security systems, media, and logs and respond to incidents as appropriate.
Registrations, Licensure Requirements or Certifications:
- Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, network engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Work experience may be substituted for education on a year-for-year basis.
- 3 years of related cybersecurity experience, including experience as a SOC analyst.
- Industry-recognized certification related to cybersecurity (SANS, ISACA, ISC², CompTIA, etc.) is a plus but not required. The ability to complete certification within one (1) year is required.
- Crowdstrike Certified Falcon Responder (CCFR), Crowdstrike Certified Falcon Hunter (CCFH), or other Crowdstrike certifications are highly preferred.
Knowledge, Skills, and Abilities:
- Solid working knowledge of SIEM Platform and understanding of all SIEM backend components, such as Universal Forwarders, Heavy Forwarders, Index Clusters, and Search Head Clusters.
- Capable of assessing security posture and proposing solutions and improvements against industry standards and frameworks.
- Expertise in performing security systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting.
- Experience working with scripting languages such as Python or PowerShell.
- Strong knowledge and understanding of network infrastructure components such as routers, switches, and firewalls.
- Working knowledge and understanding of networking and switching protocols and infrastructure services; able to troubleshoot and identify DNS, NTP, routing, switching, and firewall issues affecting connectivity of security tools.
- Strong knowledge of incident response life cycle and steps.
- Experience analyzing network and host-based security events.
- Candidates must be adept at detailed reporting of incidents, threats, and false positives.
- Candidates must show a commitment to continuous learning and stay updated with cybersecurity trends.
- Enjoys looking for and building efficiencies in the team; strong consensus-building, multi-tasking, interpersonal, and analytical skills.
- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
Initial Screening Criteria:
- Graduation from an accredited four-year college or university; experience may be substituted for education on a year-for-year basis.
- 3 years’ hands-on experience administering, maintaining, and scaling security toolsets.
Note: You must meet the minimum initial screening criteria to be considered. You should not apply if your submittal documents do not reflect experience meeting the initial screening criteria.
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. You may also contact the DFPS Military Liaison at dfpsmilvets@dfps.texas.gov with additional questions.
Applicants selected for hire must pass a background check and, if applicable, a driver’s record check.
State of Texas employees are required to maintain the security and integrity of critical infrastructure as defined in Section 117.001(2), State of Texas Business and Commerce Code. Applicants selected for hire comply with this code by completing related training and abiding by agency cybersecurity and communications system usage policies.
As a state agency, DFPS is required by Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. The staff must be familiar with the WCAG 2.1 AA and Section 508 to create accessible content including, but not limited to, Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files.
DFPS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Employees must provide documentation to DFPS to show their identity and authorization to work in the US. Please review the following link for authorized documents: https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .
In compliance with the Americans with Disabilities Act (ADA), HHS/DFPS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS/DFPS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.