The Employees Retirement System of Texas (ERS) administers the retirement and group health benefit programs for the employees and retirees of State of Texas agencies and some higher education institutions. These benefits contribute to the financial security and overall well-being of State of Texas employees, retirees and their families and help to make Texas a great place to live, work and visit. To accomplish our agency mission, massive amounts of data are collected, stored, and controlled by our Information Systems division. Our Information Security Office protects this data and is seeking an Information Security Analyst to perform advanced information security analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to computer data files and to prevent unauthorized modification, destruction, or disclosure of information.
Essential Functions include, but are not limited to:
- Performs compliance and risk assessment audits and determines acceptable risk and risk mitigation strategies.
- Coordinates the implementation of computer system security plans with agency personnel and outside vendors.
- Confers with various division staff to discuss issues such as computer data access needs, security violations, and programming changes.
- Advises management and users regarding security procedures.
- Develops, maintains, and matures ERS security infrastructure.
- Analyzes and tests new or existing procedures, information systems, or utility programs for security vulnerabilities and recommends remediation procedures.
- Designs, modifies, and implements new or revised security controls to improve system security including policy creation for intrusion detection/prevention systems and data loss prevention systems.
- Performs technical security reviews and vulnerability scans, meeting both internal and external requirements.
- Performs risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
- Researches, evaluates, and recommends systems and procedures for the prevention, detection, containment, and correction of data security breaches. Coordinates the design and deployment of security infrastructure and manages related program activities.
- Assists in advising management and users regarding security procedures, which includes administering security awareness training and identifying appropriate metrics for use in generating status reports.
- Creates and maintains documentation concerning security procedures.
- Provides special security information needed by other staff members for their projects.
Required Minimum Qualifications
Your application for employment must reflect how you meet each of the following minimum qualifications:
- Graduation from an accredited four-year college or university with major course work in data processing, computer science, computer information systems, or management information systems or a related field; or attainment of a diploma from a two-year technical school with specialization in computer technology. Each year of experience over the required minimum years may substitute for the education on a 30 semester hour per year basis.
- Four (4) years of experience in systems security analysis and design work in a progressively difficult role, including experience securing enterprise networks.
Your application for employment should reflect how you meet the following preferred qualifications:
- One or more of the following certifications:
  - Certified Information Systems Security Professional (CISSP) certification
  - Certified Ethical Hacker (CEH)
  - Certified Information Systems Auditor (CISA) or IT audit equivalent certification
  - Global Information Assurance Certification (GIAC) certification (e.g., GSEC, GCCC, etc.)
- Experience with the following security tools:
  - Vulnerability scanning/management (e.g., Nessus, Nexpose, etc.)
  - Web application scanning (e.g., AppScan, Nikto, etc.)
  - Log analysis (e.g., Splunk, Graylog, etc.)
  - Intrusion Prevention Systems (host-based/network) and endpoint security
- Experience with computer programming and scripting languages including:
  - Shell scripting
- Experience with governance, risk, and compliance (GRC) tools (e.g., Archer, Modulo, etc.).
All applications must contain complete job histories, which include job title, dates of employment, name of employer, supervisor's name and phone number, and a description of duties performed. If this information is not submitted, your application may be rejected because it is incomplete. Resumes do not take the place of this required information.
Work is performed in an office environment. This position may require access to privileged, confidential, or sensitive data. ERS will conduct either a TXDPS or FBI criminal history check on all new hires. For more information about this policy, inquiries can be made to firstname.lastname@example.org.