Security Operations Center (SOC) Team Lead Job Listing at Texas Health and Human Services in Austin, TX (Job ID 14089-en_US)

Description

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Security Operations Center (SOC) Team Lead 
Job Title: Cybersecurity Analyst IV 
Agency: Health & Human Services Comm 
Department: CHIEF INFO SECURITY OFFICE 
Posting Number: 14089 
Closing Date: 04/21/2026 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Range: $8,488.33 - $14,356.00 
Pay Frequency: Monthly
Salary Group: TEXAS-B-29 
Shift: Day 
Additional Shift: Days (First) 
Telework:  
Travel:  
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Exempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 4601 W GUADALUPE ST 
Other Locations:  
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A 
170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D 
26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT 
CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS 

Brief Job Description:

This position is open to permanent residents or US citizens only.

The Security Operations Center (SOC) Team Lead is a critical leadership position responsible for the daily coordination, performance, and operational effectiveness of the Security Operations Center for the Texas Health and Human Services Commission (HHSC). This role provides tactical and operational oversight of security monitoring, incident response, and vulnerability management activities to ensure the confidentiality, integrity, and availability of HHSC information systems.

The SOC Team Lead guides a multidisciplinary team of internal staff and external partners, including SOC Analysts, Cybersecurity Analysts, Vulnerability Management personnel, and SIEM Engineers. The position requires deep technical expertise in cybersecurity operations, strong team-building capabilities, and a commitment to continuous process improvement and workforce development.

Essential Job Functions (EJFs):

Leadership and Team Coordination

• Provide daily leadership, technical guidance, and mentorship to SOC personnel, including Analysts, Vulnerability Management staff, and SIEM Engineers.
• Coordinate a hybrid workforce of onsite and remote staff, ensuring seamless communication, effective handoffs between shifts, and team accountability.
• Serve as the primary technical escalation point for Tier II and Tier III security incidents, providing hands-on direction during complex or high-risk events.
• Act as the lead incident responder or incident commander for major cybersecurity incidents in accordance with HHSC policies.
• Promote a culture of continuous learning by identifying skill gaps and overseeing technical training programs for SOC personnel.
• Manage scheduling and shift rotations to ensure 24/7/365 coverage, including after-hours, weekends, and holidays.
• Maintain and report key operational metrics (KPIs) to leadership to demonstrate SOC health and effectiveness.
• Support audit and compliance activities by providing necessary documentation and evidence of security operations.
• Collaborate on the review and validation of the Cybersecurity Incident Response Plan to ensure it remains actionable for the team.

SOC Operations & Technical Oversight

• Drive the continuous improvement of incident response processes, Standard Operating Procedures (SOPs), and automated playbooks.
• Monitor and optimize security alerting across the Microsoft security stack, including M365, Microsoft Defender for Endpoint (MDE), Defender for Cloud Apps (MDCA), and DLP solutions.
• Guide investigations related to Zero Trust Network Access (ZTNA) technologies to ensure secure remote access aligns with agency policy.
• Ensure Identity and Access Management (IAM) platforms (Okta, SailPoint, Login.gov) are monitored effectively with clear escalation paths for anomalies.
• Supervise proactive security functions, including vulnerability management, threat hunting, and the fine-tuning of security tools.
• Coordinate with system owners to ensure vulnerabilities are prioritized, remediated, and verified in a timely manner.
• Lead proactive threat hunting initiatives during low-traffic periods to optimize detection logic within the SIEM, EDR, and IPS.
• Manage the development of automation scripts (SOAR) to reduce manual tasks and improve response times.
• Oversee the creation of SIEM dashboards and reports to provide real-time visibility into the HHSC threat landscape.
• Ensure all investigations and incident documentation meet HHSC forensic and administrative standards.
• Provide technical subject matter expertise to assist leadership in evaluating security tool renewals and new procurements.

Tactical Planning and Continuous Improvement

• Assist in the development and testing of SOC-specific disaster recovery and business continuity plans.
• Facilitate and participate in tabletop exercises and red/blue team drills to test the agency's incident response readiness.
• Provide technical recommendations to enhance security monitoring, such as identifying new log sources or architectural gaps.
• Evaluate and recommend updates to SOC workflows to adapt to emerging threats and new technologies.
• Identify specific certifications and professional development paths to keep the team at the forefront of the cybersecurity field.

Knowledge, Skills and Abilities (KSAs):

• Knowledge of incident response frameworks and best practices.
• Knowledge of security operations with an emphasis on patrol, inspection and response services.
• Knowledge of supervisory practices and procedures.
• Knowledge of a variety of security and safety devices and controls.
• Good organizational skills.
• Strong customer service and results orientation skills.
• Strong interpersonal skills, with the ability to interact effectively with clients, at various social levels and across diverse cultures.
• Exceptional time-management skills with the ability to prioritize and delegate tasks in a fast-paced environment.
• Excellent leadership, communication, and interpersonal skills.
• Skilled in documenting O365/Azure platform technical issues, analysis, client communication, and resolution as part of cyber risk mitigation.
• Demonstrated leadership abilities and adaptability when facing unique challenges, with experience working effectively with individuals in diverse cultures and business environments.
• Ability to provide positive direction and motivate performance.
• Ability to learn quickly and carry out instructions furnished in written, oral, or diagrammatic form.
• Ability to track and maintain schedule assignments.
• Ability to be an effective team member.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to various sites and changes in post procedures.
• Ability to write routine correspondence, including logs and reports
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Registrations, Licensure Requirements or Certifications:

Must hold at least one or more of the following certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Operations Manager (GSOM)
• Microsoft Cybersecurity Architect (SC-100)
• Certified SOC Analyst (CSA)
• AWS Certified Solutions Architect

Initial Screening Criteria:

Bachelor's degree in information security, Computer Science, a related field, or equivalent work experience on a year-for-year basis up to 4 years.

A minimum of 8 years of experience within security operations, cyber threat intelligence, or incident response, with at least 5 years in a leadership role in a SOC (Security Operations Center) or IR team.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

This is an onsite position, with 5 days in office required.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

#LI-IN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework.  Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.