0000007398.SENIOR CYBERSECURITY ANALYST.INFO TECH SERVICES

About The Position

Requirements

• Education and experience equivalent to a Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or job-related field of study.
• Six (6) years of IT experience in cybersecurity operations, including roles such as Security Analyst, Security Engineer, or SOC Analyst.
• Strong communication skills, both written and verbal, for collaboration and reporting.
• Ability to work independently and effectively in a team-oriented environment.
• Strong analytical, organizational, and documentation skills.
• Excellent verbal and written communication skills with the ability to present findings to both technical teams and executive stakeholders.
• Ability to create, implement and support security policies, procedures, and operational controls.
• Ability to engage and manage engagement with 3rd party security vendors, and managed security service providers.
• Knowledge of implementing, managing and configuring security and threat monitoring tools including SIEM (Security Information and Event Management), SOAR (Security, Orchestration, Automation & Response), EDR (Endpoint Detection and Response), DLP (Data Loss Prevention) technologies.
• Ability to participate in an on-call rotation for after-hours security incident escalation.
• Advanced knowledge of cybersecurity operations, including SIEM management, threat detection, and hands-on incident response.
• Ability to lead or mentor junior analysts or coordinate team-based incident investigations.
• Knowledge of regulatory and compliance frameworks such as CJIS, HIPAA, PCI-DSS, NIST 800-53, ISO 27001, and risk assessment methodologies.
• Ability to enforce and manage regulatory compliance standards such as CJIS, HIPAA, NIST, or similar frameworks.
• Skill in threat hunting, forensic analysis, malware behavior analysis, and endpoint forensics platforms.
• Skill in interpreting and correlating alerts from multiple sources (EDR, firewalls, cloud logs, email gateways, identity systems) to identify sophisticated attacks or insider threats.
• Experience in scripting or programming abilities (e.g., Python, PowerShell) for automating security tasks or parsing large datasets.
• Experience with cloud-native security tools and monitoring across Microsoft Azure, AWS, or Google Cloud environments.
• Ability to contribute to security policy development, control testing, and continuous improvement of security monitoring capabilities.
• Ability to conduct post-incident reviews, root cause analysis, and draft executive-level incident reports.
• Ability to manage high-pressure situations and lead coordinated response efforts during security incidents.
• Skilled in technical security and the ability to interpret and apply security policy and standards.
• Knowledge of security tooling (SIEM, EDR, DLP), security response automation, and proactive threat hunting.
• Must have a valid Texas Driver's License and good driving record.
• Will be required to provide a copy of 10-year driving history.
• Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code.
• Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems.
• Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• GCIH
• GCIA
• CompTia Cybersecurity Analyst (CySA+)
• Relevant security certifications a plus

Responsibilities

• Responds to and investigates escalated security tickets, requests, alerts, and events.
• Performs advanced triage, and coordinates with technical teams to ensure containment, and documents incident response activities.
• Supports daily operations of the County's security infrastructure, including SIEM, endpoint detection and response, and related tooling.
• Performs alert tuning, rule validation, and ensures reliable telemetry flow into security platforms.
• Conducts proactive threat hunting activities across SIEM, EDR, and available log sources.
• Analyzes behavioral patterns and threat intelligence to identify anomalous activity.
• Develops hypotheses, executes investigations, and reports findings.
• Manages incoming security-related tickets, requests, and inquiries from internal departments.
• Prioritizes and tracks resolution, provides technical guidance, and ensures timely communication and closure of support cases.
• Develops and maintains operational documentation, including incident response runbooks, standard operating procedures (SOPs), technical workflows, and knowledgebase articles.
• Ensures documentation is version-controlled and aligned with policy and tool changes.
• Participates in IT and security-related projects by providing technical guidance, control implementation support, and input on security design considerations.
• Collaborates with Engineering and IT to ensure secure system configurations.
• Contributes to the development and maintenance of IT security policies, procedures, and operational standards.
• Works with Security Compliance, Engineering, and IT teams to ensure technical controls support Dallas County policies and regulatory requirements.
• Performs other duties as assigned.