Cybersecurity Analyst III (Senior Cybersecurity Incident Response Team (CIRT) Analyst/Technical Writer)

Job Title
Cybersecurity Analyst III / (Senior Cybersecurity Incident Response Team (CIRT) Analyst/Technical Writer)

Job Posting:         





Open Until Filled

Position Title:      

Cybersecurity Analyst III / (Senior Cybersecurity Incident Response Team (CIRT) Threat Analyst/Technical Writer)



Military Occupation Specialty Code:

Army-17C, 25D, 26A, 26B, 26Z; Navy-IS, 683X; Coast Guard-IS, CYB10, CYB11, CYB12, CYB13, CYB14; Marine Corps-0631, 0639, 0679, 0605; Air Force-3D0X2, 3D1X1, 14NX



Number of Vacancies:



Office of the Chief Information Security Office / Security Operations

Salary Range:

$7699.17-$7916.67 / Monthly



Hours Worked Weekly:     






Agency Address: 

300 W. 15th St, Austin, TX 78701

Web site:

Refer Inquiries to:              

Human Resources


(512) 463-5920 or (512) 475-4612


  • You must create a CAPPS Career Section candidate profile or be logged in to apply
  • Update your profile and apply for the job by navigating through the pages and steps
  • Once ready, select “Submit” on the “Review and Submit” page


  • Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.
  • Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Interview Place/Time:

Candidates will be notified for appointments as determined by the selection committee.


Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.


The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability.  Please call 512-463-5920 to request reasonable accommodations.


The Texas Department of Information Resources is the state agency charged with protecting the state’s data and critical technology infrastructure, managing a multi-million-dollar cooperative contracts program, and providing strategic technology leadership, solutions, and innovation to all levels of Texas government.  DIR is a fast-paced and collaborative environment with highly motivated and engaged employees dedicated to achieving the best value for the state.

A role within the Office of the State Chief Information Security Officer (OCISO) that combines progressive incident response program development, works with many diverse organizations, plans for, and responds to Cyber events, and reviews and communicates threats and vulnerabilities to a wide range of stakeholders.  You will play a critical role in responding to cybersecurity incidents in Texas and preparing our state for future cyber incidents.  If you are looking to be a changemaker, this role is for you!

Performs highly advanced (senior-level) cybersecurity analysis work. Work involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. Will be a visible figure in the state’s efforts to develop, expand, and deliver cybersecurity incident response services, standards, analysis, and guidance. This role works with data to identify patterns, uses judgment to form conclusions that may challenge conventional wisdom, and hypothesizes new threats and indicators of compromise that may impact the State of TX.  This role will monitor threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs), and identify the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks to protect DIR and its customers.  Will interact frequently with state agencies, institutions of higher education, local governmental officials, and other interagency personnel using a variety of communication mechanisms to engage and deliver incident response services, information, and Threat Research and analysis reports.  Work with the rest of the OCISO team to collaboratively identify and deliver statewide security program improvements and continuously improve the security posture of the state of Texas as a whole. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.  May, at times, assign and/or supervise the work of others.


The ideal candidate will have the ability to highlight their strengths in the following functions:

  • Provide Threat intelligence and CIRT program management to support the overall security posture of the State of Texas, including Its agencies, institutions of higher education, cities, counties, special districts, and other qualified governmental entities. Ensures the delivery of threat intelligence collected from incident engagements to threat intelligence teams and content creators for the purpose of operationalizing information gathered. Advises and presents significant emerging threats and provides both strategic and tactical steps to counteract these threats to the Department leadership and state cybersecurity community.
  • Plays a key role in the OCISO by supporting cyber incident response activities and services for any eligible governmental entity across the state of Texas and providing recommendations to prevent cybersecurity incidents. Supports the planning, exercise, and preparedness of various local and state government partners to mature the state’s incident response capability. Researches, identifies, evaluates, and recommends systems and procedures in the field of Cybersecurity. Confers with agencies to discuss issues relating to information security.
  • In consultation with the DIR leadership, OCISO team, and other relevant stakeholders, develop and potentially delivers tabletop preparedness exercises at the executive committee level, and at the technical or analyst level at least annually. Conducts threat assessments to identify what threats are most likely to target DIR and its customers, and how they would execute their attacks.
  • Ensures execution of the incident response process to the resolution of the incident. Assists in e-discovery and digital forensics chain of custody procedures when necessary. Ensures generation, maintenance, and protection of required incident records, such as investigator journals. Maintains situational awareness for cyber threats across the organization and drives the appropriate or commensurate response activities, where necessary. Utilize open source and commercial intelligence providers to gain insight into adversary tactics, techniques, and procedures, as well as planned activities and emerging motivations.
  • Coordinate with industry partners, government agencies (including law enforcement and intelligence agencies,) and other specialists to establish and maintain situational awareness of current and emerging risks and threats to the state. Coordinate with the DIR Network Security Operations Center (NSOC), any Regional Security Operations Centers (RSOC) and at times Federally provided Security Operations Center ex: MS-ISAC SOC, provided internally or by an externally managed security services provider, to identify and assess security incidents
  • Develops, maintains, or supports a host of products, including reports, plans, guides, procedures, and other threat intelligence resources which support the state’s capability to identify current and emerging security risks to the state of Texas.
  • Researches, outlines, writes, and edits new and existing content, working closely with the OCISO team to understand project requirements. Works with the CIRT to identify all documentation repositories, revise and edit, and determine the best solution for data compilation and centralized storage. Works within the CIRT to prepare, review, revise, and maintain technical documents, including procedures and policies such as DIR Redbook, CIRT playbook, and other required documentation. Routinely updates existing documentation to support an ever-evolving threat landscape. Determines the type of documentation that will best serve the organization's needs and support quarterly reviews of the incident response plan to ensure accuracy in accordance with DIR guidance and procedures for CIRT response activities.
  • Performs related work as assigned.


  • Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field
  • Additional years of work-related experience may be used to substitute for each year of formal education. (High School diploma or equivalent certificate required.)


  • Five (5) years of progressively responsible experience in the IT industry.
  • Five (5) years of progressively responsible experience in information technology security
  • Two (2) years of program or project management development and implementation.


  • Project management experience in an information technology environment
  • Experience and training in analyzing, recommending, developing, and implementing cogent enterprise-wide policies, standards, and guidelines
  • Experience working with state or federal IT regulatory issues and processes.
  • Experience in researching and documenting findings on information technology issues, processes, or programs.
  • Experience in developing documentation, editing, process documentation, public presentations, and other written and verbal communication experience.
  • Have or working towards obtaining Certified Ethical Hacker (CEH) Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), GIAC Security Essentials Certifications, GIAC Certified Intrusion Analyst, Global Information Assurance Certification or similar certification, or serve as a SME on a certification creation committee or equivalent.


  • Knowledge of applied “sound security” concepts, such as the principle of least privilege, the use of multi-factor authentication, and identity and access management.
  • Broad understanding of the cybersecurity landscape including identity management, access management, access governance, and privileged access management capabilities and methodologies
  • Knowledge of generally accepted information technology standards and practices; of information technology practices; and information technology management practices.
  • Knowledge of the security limitations and capabilities of computer systems and of information security practices, procedures, and regulations
  • Knowledge of security architecture and security program requirements
  • Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code § 202, and other related security codes, documentation, standards, and best practices
  • Knowledge of ITIL processes and standards
  • Knowledge of standard concepts, practices, and procedures for computer operations and data center operations
  • Knowledge of benchmarking activities and expectations
  • Demonstrated documentation skills.
  • Demonstrated ability to analyze large data sets and identify anomalies  
  • Demonstrated ability to quickly create and deploy countermeasures under pressure 
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in Python or other relevant command languages  
  • Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
  • Ability to promote and support the overall mission, goals, and efforts Office of the CISO and Statewide Security Program.
  • Ability to learn and adapt quickly in a dynamic environment.
  • Ability to manage projects to resolve complex issues in diverse and decentralized environments
  • Ability to assist executives, through discussion and facilitation, in the process of evaluating and implementing security architecture and policies
  • Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers
  • Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment
  • Ability to understand, follow, and convey complex oral and/or written instructions
  • Ability to communicate both verbally and in writing in a clear and concise manner
  • Ability to work under pressure and exacting schedules to complete assigned tasks
  • Ability to work occasional overtime and/or a flexible schedule as needed to meet required deadlines
  • Ability to travel as necessary
  • Ability to comply with all agency policies and applicable laws
  • Ability to comply with all applicable health and safety rules, regulations, and standards


  • Proficiency in the use of a personal computer and applicable software necessary to perform work assignments e.g., word processing, Visio (or similar), spreadsheets (Microsoft Office preferred), and project management tools (Microsoft Project preferred).


  • If notified outside of normal working hours of a potential incident, the Senior Cybersecurity Incident Response Team (CIRT) Technical Writer will be expected to perform the duties of the position to the extent required to respond to the Cyber Incident.
  • Regular and punctual attendance.
  • Criminal background check


  • Exposure to the standard office environment and office conditions
  • The job involves a moderate amount of walking daily
  • Frequent use of personal computers, copiers, printers, and telephone
  • Frequent sitting, listening, and talking
  • Frequent work under stress, as a team member, and in direct contact with others
  • Occasional bending and stooping
  • Infrequent lifting and climbing
  • May occasionally work extended hours
  • May occasionally travel

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.