US Citizenship Required

This position is on site 5 days a week

Key Responsibilities

Assist in supervising and managing the TxDOT Cybersecurity Operations Tools Team, including oversight of staff augmentation contractors
Ensure real-time cybersecurity data, metrics, and correlated incident inputs are delivered to the CSOC Manager and Incident Response Team
Administer, maintain, and ensure resilience of enterprise cybersecurity tools, including EDR, scanning, SIEM, and network analytics platforms
Support daily cybersecurity operations and active incident response activities
Plan, manage, and coordinate deployment and operation of cybersecurity tooling across the agency
Provide tooling metrics and inputs for end-of-month and annual cybersecurity reporting
Recommend improvements to cybersecurity operations, tool resilience, and operational maturity
Assist in managing ongoing cybersecurity programs, including tabletop exercises and readiness activities

Day-to-Day Responsibilities

Monitor and manage cybersecurity tools to ensure continuous operational availability and accurate data output
Coordinate with CSOC leadership to support real-time monitoring and incident response efforts
Oversee configuration, tuning, and maintenance of SIEM, endpoint protection, scanning, and network analytics tools
Review alerts, metrics, and tool outputs to ensure effective detection and response coverage
Provide technical direction and task prioritization for contractors and team members
Develop operational metrics, dashboards, and reports for management and compliance needs
Participate in intrusion detection, investigation, and incident response activities
Support cybersecurity exercises, documentation updates, and process improvement initiatives

Preferred Experience and Attributes

Eight or more years of experience managing or leading technical cybersecurity teams
Eight or more years of experience deploying and configuring network security monitoring and incident response tools (EDR, scanners, SIEM, NetFlow)
Eight or more years of experience administering and operating cybersecurity monitoring and response platforms
Demonstrated experience supporting intrusion detection and incident response activities
Strong professional communication skills, including operational reporting and stakeholder coordination
Experience with Cisco security tools and managed network analytics solutions
Experience with Microsoft Endpoint Detection and Response tools
Experience administering and operating Microsoft Sentinel
Experience with the Tenable vulnerability management suite
Ability to work independently with minimal supervision and sound judgment
Experience supporting cybersecurity resilience and operational maturity initiatives
Experience working within large enterprise or government environments

Part time, For contractors,