This position is fully grant-funded with a grant end date of August 31, 2024.

Classification:  Administrative/Professional

Exemption Status:  Exempt                                                  

Job Grade:  5

Department:  Texas Education Exchange                                                     

Reports To:  Director

Job Goal:

Responsible for safeguarding the computer networks, cloud systems, and data environments for the Texas Education Exchange’s customers across the state. Responsibility includes developing and implementing security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks and successfully obtaining and retaining Texas Risk and Authorization Management Program (TX-RAMP)  certification. The position is also responsible for ensuring that information security policies and procedures for the Texas Education Exchange are enforced and comply with federal and state laws, regulations, and standard industry best practices.

Qualifications:

Education

Bachelor’s degree from an accredited college/university, or equivalent practical work experience

Experience

1. Three years of experience with security engineering and architecture
2. Experience developing and documenting information security and service continuity policies and procedures
3. Knowledge of TEA and House and Senate Bill cybersecurity requirements
4. Knowledge of Cybersecurity best practices
5. Strong working knowledge and experience within the cybersecurity domain, including cyber defense, threat and vulnerability management, advanced security analytics, data security, identity management, security operations, and managed security services
6. Experience in network security (VPN, SIEM, URL Filtering, and web content filtering)
7. Experience with the secure deployment of workloads into public cloud services (AWS, Azure, Google)
8. Implementation of TLE, CIS, and NIST security frameworks, including creating and managing policies and rulesets

Special Knowledge and Skills

1. Strong working knowledge of network firewalls and web application firewalls
2. Knowledge of cybersecurity and security technology, including firewall, endpoint protection, backup, archiving, and reporting tools
3. Expertise in developing solutions based on threat assessments
4. Proven analytical, problem-solving, and troubleshooting skills
5. Ability to fully manage a security project independently and develop solution proposals
6. Extensive Microsoft and Linux operating system knowledge
7. Knowledge of routing protocols (OSPF, BGP, IGRP/EIGRP)
8. Excellent organizational, communication, and interpersonal skills
9. Outstanding team player, able to operate efficiently in cross-functional and cross-departmental roles
10. Strong written and verbal communication skills and the ability to build and maintain effective working relationships with those encountered in the course of employment

Preferred Qualifications

1. Bachelor’s Degree from an accredited college/university in the field of Computer Science, Telecommunications, or Management
2. Experience with Computer Forensics, investigating and analyzing how and why a breach or other compromise occurred
3. Experience with Information Security Risk Management processes and methodologies
4. GIAC, CISM, and/or CISSP certifications

Major Responsibilities:

1. Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
2. Maintain and update security documentation, including diagrams, security standards, and disaster recovery manuals.
3. Provide expertise, guidance, recommendations, and documented security configurations for implementing security tools and processes.
4. Supervise and evaluate internal and external cybersecurity programs, including the guidance of staff in other departments to meet cybersecurity requirements.
5. Use penetration and vulnerability analysis of various products and applications, and provide professionally written reports, including deep technical analysis and high-level non-technical overview.
6. Monitor system log information for evidence of compromise; respond to and report security incidents.
7. Develop and implement cybersecurity processes and procedures to ensure cybersecurity threats are mitigated.
8. Develop and report on information security metrics and key security, risk, and compliance indicators.
9. Serve as the Subject Matter Expert (SME) for security-related issues and initiatives and lead the Exchange Cybersecurity Taskforce.
10. Administer ongoing information security education and awareness programs.
11. Develop and provide cybersecurity and related training.
12. Participate in and actively collaborate with key internal and external stakeholders, industry groups and law enforcement to understand threats and leading practices.
13. Provide documentation and reporting as specified by any applicable state grant that funds this position.
14. Other duties as assigned.

Supervision/Personnel Management:

None

Physical Demands/Environmental Factors/ Mental Demands:

Frequent use of standard office equipment; prolonged sitting; occasional bending/stooping, pushing/pulling, and twisting; repetitive hand motions (keyboarding and use of a mouse); occasional lifting and carrying (up to 15 pounds); may work prolonged and irregular hours; work with frequent interruptions; maintain emotional control under pressure.