Network Security Analyst 2 (529601607)
Hybrid - On Site and Telework (Must live in Austin TX area)
I. DESCRIPTION OF SERVICES
Level Description
4-7 years of experience in the field or in a related area. Familiar with standard concepts, practices, and procedures within a particular field. Relies on limited experience and judgment to plan and accomplish goals. A certain degree of creativity and latitude is required. Works under limited supervision with considerable latitude for the use of initiative and independent judgment. Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.
Job Description
A network security analyst ensures that information systems and computer networks are secure. This includes protecting the company against hackers and cyber-attacks, as well as monitoring network traffic and server logs for activity that seems unusual. Additionally, these analysts are responsible for finding vulnerabilities in the computer networks and creating recommendations for how to minimize these vulnerabilities. The network security analyst investigates security breaches, develops strategies for any security issues that arise, and utilizes the help of firewalls and antivirus software to maintain security.
Key Responsibilities
System Security Planning (SSP)
• Develop, update, and maintain System Security Plans for HHSC applications and systems.
• Work with program teams, Information Owners, and Custodians to gather control implementation evidence.
• Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.
Security Assessments (SA)
• Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
• Review technical, administrative, and operational evidence.
• Document assessment results and track remediation activities.
Risk Assessments (RA)
• Facilitate Risk Assessment workshops with Information Owners and Custodians.
• Identify threats, vulnerabilities, likelihood, and impact.
• Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.
GRC & Compliance Operations
• Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.
• Support system authorization (ATO) activities and continuous monitoring.
• Prepare audit and oversight evidence.
• Produce leadership reports and security posture metrics.
Stakeholder Engagement
• Serve as liaison between program areas, technical teams, and CISO Office leadership.
• Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.
Deliverables
• Completed and updated System Security Plans (SSPs)
• Documented Security Assessment reports and findings
• Completed Risk Assessments and Risk-Based Decisions
• RSA Archer risk and compliance records
• Remediation tracking and status reports
• Audit-ready security documentation packages
Work Requirements
• Must pass background check.
• Must comply with HHSC confidentiality and security requirements.
• Occasional after-hours support during audits or major assessments.
This position directly supports HHSC’s enterprise cybersecurity compliance, audit readiness, and system authorization program. The contractor will play a key role in ensuring every system has an SSP, every system has a Security Assessment, and every system has a documented Risk Assessment — exactly the accountability model your CISO Office is driving.
II. CANDIDATE SKILLS AND QUALIFICATIONS
| Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. | ||
| Years | Required/Preferred | Experience |
| 4 | Required | 4+ years of experience in cybersecurity GRC, system security planning, or information assurance. |
| 4 | Required | Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments. |
| 4 | Required | Knowledge of NIST SP 800-53 and NIST Risk Management Framework. |
| 4 | Required | Experience using GRC platforms (RSA Archer preferred). |
| 4 | Required | Experience working with Information Owners and Custodians. |
| 4 | Required | Strong technical writing and documentation skills. |
| 4 | Required | Ability to work independently on complex assignments. |
| 3 | Preferred | Familiarity with DIR Security Control Standards. |
| 3 | Preferred | Experience supporting ATO and continuous monitoring. |
| 2 | Preferred | Experience in state or federal government cybersecurity programs. |
| 1 | Preferred | CRISC or CISA certification. |
| 1 | Required | One of these certifications: CompTIA Security+, GIAC GSEC, CAP, CISSP |
Note: Expected Start Date 03/30/2026 and Expected End Date 08/31/2026. May be renewed up to 3 years.
Hybrid - On Site and Telework - Austin, TX 78751. Program will only allow candidates who are LOCAL TO THE AUSTIN AREA (Within 50-mile radius).
Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM, excluding State holidays when the agency is closed. The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.