Job Specifications
Date: Feb 9, 2026
Location: AUSTIN, TX
Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.
Functional Title: Mid-Level SOC/Cloud Security Engineer
Job Title: Cybersecurity Analyst III
Agency: Health & Human Services Comm
Department: IT Security Posture EI
Posting Number: 13727
Closing Date: 04/10/2026
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Group: TEXAS-B-27
Salary Range: $7,015.16 - $9,500.00
Pay Frequency: Monthly
Shift: Day
Additional Shift: Days (First)
Telework
Travel:
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 701 W 51ST ST
Other Locations:
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A,170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D,26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT,CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS
Brief Job Description
This position is open to permanent residents or US citizens only.
The Mid-Level SOC/Cloud Security Engineer is a key member of the HHSC Cybersecurity Operations team responsible for monitoring, detecting, and responding to cybersecurity threats across enterprise and cloud environments. This role supports the protection of agency systems and sensitive data by performing security investigations, assisting with vulnerability remediation, and strengthening defensive controls.
The analyst operates with moderate independence and collaborates closely with senior engineers, cloud teams, infrastructure partners, and incident responders to maintain a secure technology environment. This position contributes to the continuous improvement of HHSC’s Security Operations Center (SOC) by supporting threat detection capabilities, improving visibility, and helping reduce organizational risk.
The role also supports regulatory and security requirements aligned with TAC 202, HIPAA, IRS 1075, NIST 800-53, and other applicable state and federal standards.
Essential Job Functions (EJFs)
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.
(30%) Security Operations Monitoring & Incident Response
Monitor security alerts and events within the SOC and perform initial triage and investigation.
Analyze logs from SIEM platforms (e.g., Splunk, Microsoft Sentinel) to identify suspicious activity.
Escalate complex or high-risk incidents to senior analysts as appropriate.
Assist in containment and remediation activities following established playbooks.
Document incidents, findings, and response actions in accordance with agency procedures.
Participate in threat hunting initiatives under senior guidance.
(25%) Vulnerability Management & Risk Reduction
Support vulnerability scanning activities using enterprise tools such as Qualys.
Review scan results and work with system owners to track remediation efforts.
Assist in validating patch deployments and closure of identified vulnerabilities.
Help identify recurring security weaknesses and recommend practical improvements.
Contribute to operational reports and risk metrics.
(20%) Cloud Security Operations
Assist in monitoring AWS and Azure environments for security risks and misconfigurations.
Investigate cloud-related alerts including identity anomalies, exposed services, and configuration drift.
Support implementation and tuning of cloud security tools such as CSPM and identity monitoring solutions.
Partner with cloud and DevOps teams to promote secure configuration practices.
Participate in security reviews of cloud deployments.
(15%) Security Tool Administration & SIEM Support
Assist with onboarding log sources to improve monitoring coverage.
Support alert tuning efforts to reduce false positives.
Help maintain automated workflows and response playbooks.
Contribute to threat intelligence integration and enrichment activities.
Provide operational support for SOC technologies.
(5%) Compliance & Documentation Support
Assist with audit requests, evidence collection, and control validation activities.
Maintain accurate documentation for investigations and operational procedures.
Ensure daily activities align with agency security policies and standards.
(5%) Other Duties as Assigned
Includes participation in cybe