Cybersecurity Analyst II

TX-HHSC-DSHS-DFPS
Austin, TX
$5,798 - $9,500
Onsite

About The Position

This position is open to permanent residents or US citizens only. The Cybersecurity Analyst II performs advanced information security analysis with a focus on cloud security, web application protection, and governance, risk, and compliance activities. The position supports both on‑premises and cloud environments by evaluating, implementing, and monitoring security controls to prevent unauthorized access, modification, or disclosure of information resources. The analyst conducts security assessments and risk-based needs assessments across assigned systems. Responsibilities include assisting with the development of System Security Plans (SSPs), documenting vulnerabilities and corrective actions, analyzing administrative, technical, and operational controls, and preparing audit documentation, formal reports, and leadership‑level reporting. The role also provides advisory services to business partners, offering guidance on secure architecture, secure application development practices, and cloud configuration requirements. The analyst maintains compliance and risk artifacts in a Governance, Risk, and Compliance (GRC) platform, supports Authorization to Operate (ATO) activities, and delivers targeted security training to agency stakeholders. Work is performed under limited supervision with significant latitude for independent judgment.

Requirements

  • Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another on a year-for-year basis.
  • At least 2 years’ experience in information security analysis work.
  • Ability to advise diverse stakeholders on secure architecture, secure application development standards, and cloud security best practices; ability to deliver focused security training.
  • Ability to prepare audit documentation, assessment reports, Authorization to Operate (ATO) packages, and leadership reporting with clear, concise communication.
  • Skill in risk analysis and vulnerability management, including validation and prioritization of scan results and tracking remediation to closure.
  • Skill in conducting security and risk-based needs assessments of automated systems and business initiatives; ability to analyze administrative, technical, and operational controls and supporting evidence.
  • Knowledge of enterprise Governance, Risk, and Compliance (GRC) platforms such as RSA Archer; skill in maintaining risk records, POA&Ms, exceptions, and continuous monitoring evidence.
  • Knowledge of NIST SP 800-53 control families, NIST RMF steps, DIR security control standards, and agency CISO policies; skill in applying control requirements to systems and documenting implementation within SSPs.
  • Knowledge of cloud security posture management (CSPM) concepts and tooling; ability to evaluate cloud configurations for misconfigurations and control gaps across Azure and AWS environments.

Nice To Haves

  • Experience developing and implementing information technology (IT) security training and awareness programs, policy, standards, and/or procedures preferred.
  • Experience with cloud security in Azure and/or AWS, including review of security configurations and assessment of web application security risks preferred.
  • Prefer one or more of the following certifications: CompTIA Security+, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or similar security certifications.

Responsibilities

  • Provides security and risk management services by performing risk identification, assessment, and remediation, as well as regulatory and internal compliance monitoring; uses established standards and processes to adequately protect Health and Human Services (HHS) personnel, facilities, cloud infrastructure, information, and business operations.
  • Performs cyclical and periodic technology risk assessments of cloud environments such as Microsoft Azure and Amazon Web Services (AWS) and on‑premises environments; reviews technology use within business initiatives; conducts web application security analysis, vulnerability analysis, and evaluates emerging threats.
  • Facilitates risk assessment sessions with Information Owners and Custodians; identifies and documents threats, vulnerabilities, likelihood, impact, and mitigation strategies; records risks, exceptions, and Risk-Based Decisions in a GRC tool; validates vulnerability scan results, prioritizes findings, and tracks remediation.
  • Develops, updates, and maintains System Security Plans (SSPs) for systems and applications in alignment with applicable state and federal requirements.
  • Collaborates with program teams, Information Owners, and Custodians to collect, validate, and document security control implementation evidence.
  • Ensures System Security Plans align with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST Risk Management Framework (RMF), Department of Information Resources (DIR) standards, and agency CISO policies.
  • Plans and conducts security assessments to evaluate the effectiveness of administrative, technical, and operational security controls across assigned systems; reviews and analyzes supporting documentation and evidence.
  • Documents assessment results, prepares formal reports, and tracks remediation and corrective actions such as Plans of Action and Milestones (POA&Ms) to completion.
  • Performs risk-based needs assessments of automated systems to identify information security requirements; evaluates agency systems—including infrastructure, processes, and procedures—with a specific focus on cloud security posture management (CSPM) and web application vulnerabilities to discover compliance needs and gaps.
  • Maintains security artifacts, risk records, POA&Ms, continuous monitoring evidence, and compliance documentation within a GRC tool such as RSA Archer; supports Authorization to Operate (ATO) activities and ongoing monitoring requirements to ensure systems remain compliant with regulatory and agency security standards.
  • Prepares documentation, reporting packages, and audit responses for internal reviews, external audits, and leadership inquiries.
  • Advises management and users regarding enterprise security program functions, including cloud security best practices and secure application development standards; provides targeted training to agency customers within assigned specific security domains.
  • Performs or leads other duties as assigned.

Benefits

  • 100% paid employee health insurance for full-time eligible employees
  • a defined benefit pension plan
  • generous time off benefits
  • numerous opportunities for career advancement