Systems Analyst 3 (529601637)
Hybrid (Must live in Austin TX area)
I. DESCRIPTION OF SERVICES
The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.
• Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems
• Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps
• Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
• Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence
• Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
• Provide governance oversight for endpoint protection, web application security, and cloud security controls
• Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability
• Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices
II. CANDIDATE SKILLS AND QUALIFICATIONS
| Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. | ||
| Years | Required/Preferred | Experience |
| 12 | Required | deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing , Cloud Security and hybrid environments |
| 10 | Required | Proven experience owning SSP development end to end |
| 10 | Required | Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks |
| 10 | Required | Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management |
| 8 | Required | Ability to translate technical security issues into compliance aligned remediation actions |
| 8 | Required | Strong stakeholder management skills across security, infrastructure, and application teams |
| 8 | Required | Excellent written and verbal communication skills, particularly for executive stakeholders |
| 8 | Required | Knowledge of NIST 800 53, NIST RMF, and privacy controls |
| 8 | Required | Knowledge of Secure SDLC and DevSecOps practices |
| 5 | Preferred | Experience operating in multi-vendor, multi-platform environments |
| 5 | Preferred | Demonstrated ability to reduce repeat audit findings and improve compliance maturity |
| 5 | Preferred | Experience mentoring or guiding teams on security governance best practices |
| 1 | Preferred | Experience supporting HHSC systems, including SSP development and compliance |
Note: Expected Start Date 03/16/2026 and Expected End Date 08/31/2026. May be renewed up to 3 years.
Hybrid - On Site and Telework – Austin, TX 78751. Program will only allow candidates who are LOCAL TO THE AUSTIN AREA (Within 50-mile radius).
Position will be 3 days remote with 2 days (Mondays, Thursdays) required to be onsite.
Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM, excluding State holidays when the agency is closed. The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.