Job Description

Required Qualifications: Applicants must specifically address how they meet these required qualifications to meet the requirements of the position.
General understanding of the structure and protocols in the TCP/IP suite and other networking technologies.
Knowledge of computer networks, server, and desktop operating systems.
Ability to forge and sustain effective and productive working relationships between a wide range of members of project teams and work groups.
Strong organizational, analytical, and problem-solving skills.
Heightened concern for confidentiality and attention to detail.
Effectiveness in dealing with multiple concurrent assignments and sudden changes in priorities.
Willingness and availability to work occasional weekend/evening assignments and overtime in both scheduled and unscheduled activities.
Prior full-time experience in a technical or related role.
Familiarity with information security and risk management frameworks (e.g., NIST Cybersecurity Framework, ISO 27000 Series).
Strong oral and written communication skills, especially the ability to effectively impart complex or technical subjects to a varied audience.
Extensive knowledge of security risks, controls, and risk mitigation options applicable to computer networks, server and desktop operating systems, communication protocols, and software applications.
Baccalaureate degree in a technical field or equivalent relevant work experience.
Preferred Qualifications
Demonstrated ability to devise innovative security solutions and strategies to address unique requirements and situations.
Two or more years of experience implementing, using or governing the NIST Cybersecurity Framework.
Prior experience working with highly regulated information systems (e.g., HIPAA, PCI, NIST SP 800-171, NIST SP 800-53).
Prior experience using contemporary tools and technologies for vulnerability scanning, remote system administration, network monitoring and protection, security notification, and/or risk assessment.
Experience performing computer and network forensic analysis.
Prior full-time experience as an information security professional in a Higher Education or similarly open and decentralized environment.
Experience using structured, established project management methodologies.
Information security certifications (e.g., Security+, CEH, GSEC).
Prior experience as a network, server, database, or application administrator. Prior experience using information security technologies such as:
governance and risk management systems,
intrusion detection or prevention systems,
remote system management,
vulnerability assessment and penetration testing,
software and hardware-based firewalls, and network access controls.
Job Description
Performs information security and cybersecurity analysis work involving planning, implementing, and monitoring security measures for the protection of information systems and infrastructure. Work also includes protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, vulnerability and penetration testing, forensics, and awareness training and consulting.

Texas State University seeks a Cybersecurity Analyst (CSA) to join its growing information security program. The CSA will work with the security operations team within the Information Security Office. The team proactively identifies, promotes, and implements information security best practices in Texas State’s sizeable academic environment. The CSA will leverage contemporary information security and data governance methodologies and frameworks to mitigate risk to the institution and its information systems.
Job Duties
The Cybersecurity Analyst I (CSA I) will perform and provide risk analysis and assessment, vulnerability and penetration tests, security incident response and forensics, security awareness training, and security consulting to users of information resources. The CSA I requires technical knowledge of network and computing architectures, current and emerging security threats, incident response protocols, and skills in the application of security lifecycle methodologies, risk compliance, and risk assessment strategies.

Communications and Consulting
Assist with awareness programs, including content development for the Information Security website. Provide subject-matter expertise and consulting services regarding risk management strategies. Drive risk reduction through development of improved university business process across functional, academic, and technical areas of the institution.

Operational Security Activities
Create and maintain documentation of security incidents and provide reports to university management and external regulatory agencies. Respond, investigate, and mitigate threats to the institution’s information resources. Conduct field reconnaissance. Execute security system updates/maintenance. Configure security systems to optimally mitigate risks to information resources.

Planning and Architecture
Develop, implement, and institutionalize technical and operational risk reduction strategies. Plan for foreseeable shifts in risk landscape. Provide subject matter expertise to assist in technical architecture improvements leading to more secure institutional resources.