Job Description

US Citizenship Required

This position is on site 5 days a week

Key Responsibilities

• Assist in supervising and managing the TxDOT Cybersecurity Operations Tools Team, including oversight of staff augmentation contractors
• Ensure real-time cybersecurity data, metrics, and correlated incident inputs are delivered to the CSOC Manager and Incident Response Team
• Administer, maintain, and ensure resilience of enterprise cybersecurity tools, including EDR, scanning, SIEM, and network analytics platforms
• Support daily cybersecurity operations and active incident response activities
• Plan, manage, and coordinate deployment and operation of cybersecurity tooling across the agency
• Provide tooling metrics and inputs for end-of-month and annual cybersecurity reporting
• Recommend improvements to cybersecurity operations, tool resilience, and operational maturity
• Assist in managing ongoing cybersecurity programs, including tabletop exercises and readiness activities

Day-to-Day Responsibilities

• Monitor and manage cybersecurity tools to ensure continuous operational availability and accurate data output
• Coordinate with CSOC leadership to support real-time monitoring and incident response efforts
• Oversee configuration, tuning, and maintenance of SIEM, endpoint protection, scanning, and network analytics tools
• Review alerts, metrics, and tool outputs to ensure effective detection and response coverage
• Provide technical direction and task prioritization for contractors and team members
• Develop operational metrics, dashboards, and reports for management and compliance needs
• Participate in intrusion detection, investigation, and incident response activities
• Support cybersecurity exercises, documentation updates, and process improvement initiatives

Preferred Experience and Attributes

• Eight or more years of experience managing or leading technical cybersecurity teams
• Eight or more years of experience deploying and configuring network security monitoring and incident response tools (EDR, scanners, SIEM, NetFlow)
• Eight or more years of experience administering and operating cybersecurity monitoring and response platforms
• Demonstrated experience supporting intrusion detection and incident response activities
• Strong professional communication skills, including operational reporting and stakeholder coordination
• Experience with Cisco security tools and managed network analytics solutions
• Experience with Microsoft Endpoint Detection and Response tools
• Experience administering and operating Microsoft Sentinel
• Experience with the Tenable vulnerability management suite
• Ability to work independently with minimal supervision and sound judgment
• Experience supporting cybersecurity resilience and operational maturity initiatives
• Experience working within large enterprise or government environments

Job Tags

Similar Jobs