Cybersecurity Operations Engineer; Cybersecurity Analyst II

Mission

The Texas Education Agency (TEA) will improve outcomes for all public‑school students in the state by providing leadership, guidance, and support to school systems.

• We are Determined:
  We are committed and intentional in the pursuit of our main purpose, to improve outcomes for students.
• We are People‑Centered:
  We strive to attract, develop, and retain the most committed talent, representing the diversity of Texas, each contributing to our common vision for students.
• We are Learners:
  We seek evidence, reflect on success and failure, and try new approaches in the pursuit of excellence for our students.
• We are Servant Leaders:
  Above all else, we are public servants working to improve opportunities for students and provide support to those who serve them.

The Cybersecurity Operations Engineer assists the Texas Education Agency (TEA) mission to support every Texas public school student to be ready for college, career or the military and understands the Agency must first have a workforce of high‑performing individuals who are committed to improving outcomes for Texas students.

This position is funded through December 30, 2026. Continuation beyond that date is contingent on available funding.

• Work with the Cybersecurity Operations Team Lead to improve TEA’s cybersecurity maturity, following the Texas Cybersecurity Framework.
• Follow Incident Response processes to ensure swift and proper response to cyber incidents.
• Administer security controls to prevent malware delivery, execution, and extent of cyber incidents.

• Cybersecurity Engineering:
  Implement, maintain, tune, and manage various cybersecurity tools with a primary focus on SOAR/SIEM tools, including collecting and normalizing data via log collector or APIs, managing log forwarder servers, creating alert and detection rules, configuring RBAC, and creating dashboards, visuals, and reports based on stakeholder requirements.
• Cybersecurity Analysis:
  Provide cybersecurity consultation for TEA projects that align with TEA’s Information Security Program; analyze information from various sources to improve monitoring and detect emerging threats.
• Incident Response:
  Resolve security issues in a decentralized environment; investigate, remediate, and recover from cybersecurity threats; document incidents and report to the Cybersecurity Operations Team Lead.
• Cybersecurity Advisor:
  Advise management and users regarding security policy, procedures, and best practices, especially related to maximizing utility of the SIEM/SOAR solution.

• Education:
  
  Graduation from an accredited four‑year college or university.
• Degree field(s):
  Cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field.
• Experience:
  
  At least two (2) years of experience in an enterprise environment managing and configuring an enterprise‑grade SIEM/SOAR solution, using Python or Power Shell to collect data from APIs, normalizing data, sending data to a SIEM/SOAR platform, creating alerts, dashboards, and reports; validating and deploying security controls/solutions; responding to alerts/events generated by security tools. Experience must be recent and paid.
• Substitutions:
  Each additional year of related experience may substitute for education on a year‑for‑year basis.

• Preferred experience with Crowd Strike Next Gen SIEM and/or Splunk.
• Understanding of modern threat actor techniques, tactics, and procedures (TTPs).
• Knowledge and experience with FERPA.
• Collaborative team player with a proactive approach to projects.
• Strong organizational skills and ability to manage multiple priorities.
• Excellent customer experience and relationship building skills.

As an equal opportunity employer, we hire without consideration to race, religion, color, national origin, sex, disability, age or veteran status, unless an applicant is entitled to the military employment preference. This position requires a pre‑employment criminal background check.