Cybersecurity Analyst II

Job Posting Title:

----

Hiring Department:

----

Position Open To:

----

Weekly Scheduled Hours:

----

FLSA Status:

----

Earliest Start Date:

----

Position Duration:

----

Location:

----

Job Details:

Purpose

The Cybersecurity Analyst II is an intermediate level professional responsible for developing, maintaining, and enhancing enterprise cybersecurity programs that safeguard organizational systems, networks, and data. Reporting to the Manager of Enterprise IT Security and Operations, this role emphasizes program design, documentation, and continuous improvement in alignment with organizational standards. The position manages activities within one or more assigned cybersecurity domains such as risk management, incident response, vulnerability management, and threat intelligence, executed under established frameworks and with guidance, ensuring effective delivery of programs with moderate complexity. The Cybersecurity Analyst II updates policies, procedures, playbooks/runbooks, and automation to enhance efficiency and effectiveness. The role ensures alignment with regulatory frameworks such as HIPAA, FERPA, PCI DSS, GDPR, ISO 27001, and NIST and collaborates with IT and business teams to integrate security requirements into SDLC and operational processes. Additionally, the Cybersecurity Analyst II provides guidance to junior analysts and supports a risk‑aware environment through outreach and education.

Responsibilities

Develops and Maintains Cybersecurity Programs

• Designs and documents program components including policies, standard operating procedures, playbooks, and runbooks for one or more assigned cybersecurity domains such as risk management, incident response, vulnerability management, and threat intelligence, ensuring alignment with organizational standards and regulatory frameworks.

• Implements automation and process improvements to enhance efficiency, strengthen domain controls, and support continuous improvement.

• Maintains dashboards and performance metrics for assigned programs (e.g., SLA compliance, control health) and incorporates lessons learned into program updates.

• Collaborates with IT and business stakeholders to integrate security requirements into operational processes and the software development lifecycle, ensuring alignment with enterprise security objectives.

• Coordinates with the department's IT teams, campus IT, and campus Information Security Office (ISO) on the review, implementation, and monitoring of security controls on tools owned and managed by campus IT and ISO (firewalls, DLP, MFA) to safeguard digital infrastructure.

Executes Cybersecurity Operations

• Manages investigations end‑to‑end and coordinates resolution for security events within scope.

• Maintains and refines playbooks/runbooks; suggests workflow improvements based on lessons learned.

• Implements automations for repetitive tasks (e.g., enrichment, triage, alerts, notifications).

Supports Governance, Risk, and Compliance

• Applies policies, standards, and procedures; performs control testing and gathers audit evidence.

• Monitors adherence to HIPAA, FERPA, PCI DSS, GDPR, ISO 27001, and NIST frameworks.

• Updates risk registers, proposes mitigations, and tracks remediation to closure.

• Conducts third‑party and vendor security assessments against organizational standards and documents follow‑ups.

• Helps facilitate awareness initiatives and tabletop exercises; offers coaching during activities.

Reporting & Collaboration

• Maintains dashboards and KPIs (e.g., MTTR, vulnerability SLA compliance, control health).

• Prepares reports with actionable recommendations for stakeholders and leadership.

• Partners with IT and project teams to embed security requirements in designs and changes; reviews changes for security impact.

Marginal or Periodic Functions

• Maintains documentation specific to cybersecurity work (architecture diagrams, SOPs, inventories).

• Represents the organization during audits and external assessments as assigned.

• Participates in professional development and advanced training.

• Supports disaster recovery and business continuity plan updates.

• Adheres to internal controls and reporting structure.

• Performs related duties as required.

KNOWLEDGE/SKILLS/ABILITIES

Problem Solving

• Analyzes complex issues methodically and derives practical, evidence‑based solutions.

• Correlates multi‑source telemetry to isolate root causes.

• Tests alternatives and selects mitigations with minimal disruption.

• Captures decision rationale and lessons learned.

Decision Quality

• Weighs risk, impact, and tradeoffs to make timely, sound decisions.

• Prioritizes actions using clear severity/risk criteria.

• Commits to reasonable containment steps under uncertainty.

• Communicates next steps and contingencies.

Functional/Technical Skills

• Solid technical mastery across SIEM/SOAR, endpoint, vulnerability scanners, and core domains.

• Enhances detections and enrichment workflows.

• Executes investigations across OS/network/identity layers.

• Keeps skills current and evaluates tool effectiveness.

Process Management

• Operates efficient processes with clear handoffs, metrics, and continuous improvement.

• Maintains and streamlines SOPs/runbooks.

• Automates repetitive tasks to reduce MTTR.

• Reviews program performance and suggests refinements.

Dealing with Ambiguity

• Acts effectively without complete information and adapts as situations evolve.

• Initiates investigation/containment with partial indicators.

• Adjusts approach as new artifacts surface.

• Provides steady guidance during fast‑changing events.

Collaborates/Peer Relationships

• Builds cooperative relationships and gains consensus to advance initiatives.

• Aligns remediation plans with IT/application owners.

• Facilitates cross‑team tabletop exercises.

• Escalates diplomatically and closes loops.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.

• 3 years of proven experience in developing security risk management programs, and associated tooling.

• Proven experience with Risk Management Frameworks (NIST RMF, ISO).

• Strong knowledge of security protocols, network monitoring, and vulnerability assessment tools.

• Demonstrated experience in security incident detection, investigation, and response.

• Demonstrated knowledge of network protocols, operating systems, SIEM tools, and ITIL processes.

• Experience with compliance frameworks (NIST CSF, NIST 800-53, HITRUST).

• Relevant education and experience may be substituted as appropriate.

Preferred Qualifications

• Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

• Minimum 4 years of healthcare experience.

• Demonstrated knowledge of healthcare mission, HIPAA regulations, and medical device security considerations.

• Minimum 8 years of experience with network scanning, cloud security, Risk Management Frameworks (RMF), threat intelligence programs, vulnerability management programs, security orchestration, automation, and response (SOAR) platforms.

LICENSES, REGISTRATIONS OR CERTIFICATIONS

Preferred:

• GIAC Certified Incident Handler (GCIH), Certified Incident Handler (ECIH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or CompTIA Security+ Certification.

• Experience with ServiceNow Security Operations and Security Incident Response modules or similar ITSM platforms.

Salary Range

$78,000 + depending on qualifications

Working Conditions

• Standard office equipment

• Repetitive use of a keyboard

• May be exposed to such occupational hazards as communicable diseases, blood borne pathogens, ionizing and non-ionizing radiation, hazardous medications and disoriented or combative patients, or others.

​

Required Materials

• Resume/CV

• 3 work references with their contact information; at least one reference should be from a supervisor

• Letter of interest

Important for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded.  Once your job application has been submitted, you cannot make changes.

Important for Current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log-in to Workday, navigate to your Worker Profile, click the Career link in the left hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.

----

Employment Eligibility:

----

Retirement Plan Eligibility:

----

Background Checks:

A criminal history background check will be required for finalist(s) under consideration for this position.

----

Equal Opportunity Employer:

The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions.

----

Pay Transparency:

The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

----

Employment Eligibility Verification:

If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form.  You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States.  Documents need to be presented no later than the third day of employment.  Failure to do so will result in loss of employment at the university.

----

E-Verify:

The University of Texas at Austin use E-Verify to check the work authorization of all new hires effective May 2015. The university’s company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following:

• E-Verify Poster (English and Spanish) [PDF]
• Right to Work Poster (English) [PDF]
• Right to Work Poster (Spanish) [PDF]

----

Compliance:

Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.

The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.