Mid-Level SOC/Cloud Security Engineer
Texas Health and Human Services Commission - Austin, TX
Job Description
Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Mid-Level SOC/Cloud Security Engineer
Job Title: Cybersecurity Analyst III
Agency: Health & Human Services Comm
Department: IT Security Posture EI
Posting Number: 13727
Closing Date: 04/10/2026
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Group: TEXAS-B-27
Salary Range: $7,015.16 - $9,500.00
Pay Frequency: Monthly
Shift: Day
Additional Shift: Days (First)
Telework:
Travel:
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 701 W 51ST ST
Other Locations:
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A,170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D,26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT,CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS

Brief Job Description:
This position is open to permanent residents or US citizens only. The Mid-Level SOC/Cloud Security Engineer is a key member of the HHSC Cybersecurity Operations team responsible for monitoring, detecting, and responding to cybersecurity threats across enterprise and cloud environments.
This role supports the protection of agency systems and sensitive data by performing security investigations, assisting with vulnerability remediation, and strengthening defensive controls. The analyst operates with moderate independence and collaborates closely with senior engineers, cloud teams, infrastructure partners, and incident responders to maintain a secure technology environment. This position contributes to the continuous improvement of HHSC's Security Operations Center (SOC) by supporting threat detection capabilities, improving visibility, and helping reduce organizational risk. The role also supports regulatory and security requirements aligned with TAC 202, HIPAA, IRS 1075, NIST 800-53, and other applicable state and federal standards.

Essential Job Functions (EJFs):
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.

(30%) Security Operations Monitoring & Incident Response
• Monitor security alerts and events within the SOC and perform initial triage and investigation.
• Analyze logs from SIEM platforms (e.g., Splunk, Microsoft Sentinel) to identify suspicious activity.
• Escalate complex or high-risk incidents to senior analysts as appropriate.
• Assist in containment and remediation activities following established playbooks.
• Document incidents, findings, and response actions in accordance with agency procedures.
• Participate in threat hunting initiatives under senior guidance.

(25%) Vulnerability Management & Risk Reduction
• Support vulnerability scanning activities using enterprise tools such as Qualys.
• Review scan results and work with system owners to track remediation efforts.
• Assist in validating patch deployments and closure of identified vulnerabilities.
• Help identify recurring security weaknesses and recommend practical improvements.
• Contribute to operational reports and risk metrics.

(20%) Cloud Security Operations
• Assist in monitoring AWS and Azure environments for security risks and misconfigurations.
• Investigate cloud-related alerts including identity anomalies, exposed services, and configuration drift.
• Support implementation and tuning of cloud security tools such as CSPM and identity monitoring solutions.
• Partner with cloud and DevOps teams to promote secure configuration practices.
• Participate in security reviews of cloud deployments.

(15%) Security Tool Administration & SIEM Support
• Assist with onboarding log sources to improve monitoring coverage.
• Support alert tuning efforts to reduce false positives.
• Help maintain automated workflows and response playbooks.
• Contribute to threat intelligence integration and enrichment activities.
• Provide operational support for SOC technologies.

(5%) Compliance & Documentation Support
• Assist with audit requests, evidence collection, and control validation activities.
• Maintain accurate documentation for investigations and operational procedures.
• Ensure daily activities align with agency security policies and standards.

(5%) Other Duties as Assigned
Includes participation in cybersecurity incidents, disaster response, and Continuity of Operations (COOP) activities as required.

Knowledge, Skills and Abilities (KSAs):
Working knowledge of SOC operations, incident response processes, and threat detection concepts.
Solid knowledge of incident response practices in enterprise settings.
Knowledge of vulnerability scanning or remediation processes.
Solid knowledge of vulnerability management practices and remediation workflows.
Foundational knowledge of AWS and Azure security capabilities.
Knowledge of attacker tactics and frameworks such as MITRE ATT&CK.
Basic scripting or automation skills (PowerShell, Python, or similar) are a plus.
Effective written and verbal communication skills.
Strong analytical and problem-solving abilities.
Ability to clearly document technical findings.
Ability to work collaboratively in a fast-paced operational environment.
Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.

Registrations, Licensure Requirements or Certifications:
Preferred certifications include one or more of the following:
CompTIA Security+
SC-200 (Microsoft Security Operations Analyst)
GIAC GSEC or GCIH (preferred)
AWS Cloud Practitioner or Security Specialty (preferred)
Certified Ethical Hacker (CEH)

Initial Screening Criteria:
Minimum 3+ years of cybersecurity experience, with at least 1-2 years in a SOC, cloud security, or security operations role.
Experience working with SIEM platforms and security monitoring tools.
Experience supporting cloud security environments (AWS, Azure, or similar).
Experience with SIEM platforms such as Splunk, Sentinel, or similar tools is preferred.

Additional Information:
Candidates for this position will be subject to a pre-employment security review to determine employment eligibility. Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of the HHSC Human Resources Manual.

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information, please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks. HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.
Created: 2026-03-10