Security Operations Center (SOC) Manager Job Listing at Texas Health and Human Services in Austin, TX (Job ID 13409-en_US)

Description

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Security Operations Center (SOC) Manager 
Job Title: Cybersecurity Analyst IV 
Agency: Health & Human Services Comm 
Department: CHIEF INFO SECURITY OFFICE 
Posting Number: 13409 
Closing Date: 04/30/2026 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-29 
Salary Range: $8,488.33 - $14,356.00 
Pay Frequency: Monthly
Shift: Day 
Additional Shift: Days (First) 
Telework:  
Travel:  
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Exempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 701 W 51ST ST 
Other Locations:  
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A 
170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D 
26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT 
CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS 

Brief Job Description:

This position is open to permanent residents or US citizens only.

The Security Operations Center (SOC) Manager is a key leadership position responsible for the overall management, performance, and effectiveness of the Security Operations Center for Texas Health and Human Services Commission (HHSC). This role provides strategic and operational oversight of security monitoring, incident response, and vulnerability management activities to ensure the confidentiality, integrity, and availability of HHSC information systems.

The SOC Manager leads a multidisciplinary team of internal staff and external partners, including SOC Analysts, Cybersecurity Analysts, Vulnerability Management personnel, and SIEM Engineers. The position requires strong technical expertise in cybersecurity operations, proven leadership capabilities, and a commitment to continuous process improvement and workforce development.

Essential Job Functions (EJFs):

Leadership and Management

• Provide direct leadership, oversight, and mentorship to SOC personnel, including SOC Analysts, Vulnerability Management staff, and SIEM Engineers.
• Manage a hybrid workforce consisting of onsite and remote staff, ensuring effective communication, collaboration, and accountability.
• Serve as the primary escalation point for Tier II and Tier III security incidents, providing direction and decision-making support during complex or high-risk events.
• Act as the incident commander for major cybersecurity incidents in accordance with HHSC policies and procedures.
• Foster a culture of continuous learning and professional development by coordinating and overseeing training programs for SOC personnel.
• Ensure adequate staffing levels to support 24/7/365 SOC operations, including after-hours, weekends, and holidays.
• Identify, track, maintain, and report key security operations metrics to leadership and stakeholders.
• Support internal and external audits, assessments, and compliance activities related to cybersecurity operations.
• Periodically review, validate, and update the Cybersecurity Incident Response Plan to ensure continued effectiveness and alignment with agency requirements.

SOC Operations

• Oversee and continuously improve SOC incident response processes, including documentation, Standard Operating Procedures (SOPs), and incident response playbooks.
• Oversee security monitoring, alerting, and incident response activities across Microsoft security platforms, including Microsoft 365, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Cloud Apps (MDCA), and Data Loss Prevention (DLP) solutions.
• Oversee security monitoring, investigation, and incident response activities related to Zero Trust Network Access (ZTNA) technologies, ensuring secure remote and application access in alignment with HHSC security policies.
• Ensure Identity and Access Management (IAM) platforms, including Okta, SailPoint, and Login.gov, are effectively monitored and supported through defined investigation, escalation, and incident response procedures aligned with HHSC standards.
• Supervise proactive security activities, including vulnerability management, threat hunting, and security tool tuning.
• Ensure vulnerabilities are reviewed, prioritized, and communicated to system owners, with appropriate coordination for remediation and verification of corrective actions.
• Leverage low-traffic operational periods to conduct proactive threat hunting and optimize security technologies (e.g., SIEM, EDR, IPS, VPN) to improve detection accuracy and reduce false positives.
• Oversee the development and maintenance of automation scripts and response playbooks to streamline routine SOC activities.
• Ensure the creation and maintenance of dashboards and reports within the SIEM to provide visibility into security posture, trends, and incident activity.
• Ensure all security event investigations and incident response activities are thoroughly documented in accordance with HHSC standards.
• Provide subject matter expertise and recommendations related to security tool renewals, enhancements, and procurement.

Strategic Planning and Continuous Improvement

• Assist in the development, maintenance, and testing of SOC-related disaster recovery and business continuity plans.
• Participate in and coordinate tabletop exercises, drills, and operational tests related to cybersecurity incident response and continuity planning.
• Provide strategic recommendations to improve HHSC's security monitoring and response capabilities, including identification of new tools, log sources, and architectural improvements.
• Recommend updates to SOC roles, responsibilities, and workflows to address evolving cybersecurity threats and emerging technologies.
• Identify and recommend professional development, certifications, and training opportunities to enhance the technical and leadership skills of SOC personnel.

Knowledge, Skills and Abilities (KSAs):

• Knowledge of incident response frameworks and best practices.
• Knowledge of security operations with an emphasis on patrol, inspection and response services.
• Knowledge of supervisory practices and procedures.
• Knowledge of a variety of security and safety devices and controls.
• Good organizational skills.
• Strong customer service and results orientation skills.
• Strong interpersonal skills, with the ability to interact effectively with clients, at various social levels and across diverse cultures.
• Exceptional time-management skills with the ability to prioritize and delegate tasks in a fast-paced environment.
• Excellent leadership, communication, and interpersonal skills.
• Demonstrated leadership abilities and adaptability when facing unique challenges, with experience working effectively with individuals in diverse cultures and business environments.
• Skilled in documenting O365/Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation.
• Ability to provide positive direction and motivate performance.
• Ability to learn quickly and carry out instructions furnished in written, oral, or diagrammatic form.
• Ability to track and maintain schedule assignments.
• Ability to be an effective team member.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to various sites and changes in post procedures.
• Ability to write routine correspondence, including logs and reports
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Registrations, Licensure Requirements or Certifications:

Must hold at least one or more of the following certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Operations Manager (GSOM)
• Microsoft Cybersecurity Architect (SC-100)
• Certified SOC Analyst (CSA)
• AWS Certified Solutions Architect

Initial Screening Criteria:

Bachelor's degree in information security, Computer Science, a related field, or equivalent work experience on a year-for-year basis up to 4 years.

A minimum of 8 years of experience within security operations, cyber threat intelligence, or incident response, with at least 5 years in a leadership role in a SOC (Security Operations Center) or IR team.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

#LI-IN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework.  Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.