TIERS Cybersecurity Operations Director
Texas Health and Human Services Commission, Austin, Texas, us, 78716
Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.
Functional Title:
TIERS Cybersecurity Operations Director Job Title:
Director III Agency:
Health & Human Services Comm Department:
TIERS OAPD Staff CISO Posting Number:
13645 Closing Date:
04/06/2026 Posting Audience:
Internal and External Occupational Category:
Computer and Mathematical Salary Group:
TEXAS-B-28 Salary Range:
$7,716.66 - $13,051.00 Pay Frequency:
Monthly Shift:
Day Additional Shift:
Days (First) Telework: Travel: Regular/Temporary:
Regular Full Time/Part Time:
Full time FLSA Exempt/Non-Exempt:
Exempt Facility Location: Job Location City:
AUSTIN Job Location Address:
1609 CENTRE CREEK Other Locations: MOS Codes:
8003,8040,8041,8042,10C0,111X,112X,113X,114X,20C0,30C0,40C0,611X,612X,631X,641X,648X,90G0,91C0,91W0 97E0,SEI15
Brief Job Description:
This position is open to permanent residents or U.S. citizens only.
The
TIERS Cybersecurity Operations Director
serves as the executive leader responsible for cybersecurity operations supporting the Texas Integrated Eligibility Redesign System (TIERS) environment and associated platforms. This role provides strategic direction, operational oversight, and technical leadership to ensure the confidentiality, integrity, and availability of one of HHSC's most mission-critical systems supporting benefits delivery to Texans.
The Director oversees Security Operations Center (SOC) activities specific to TIERS, including threat detection, SIEM strategy, vulnerability management, penetration testing coordination, and cyber incident response. This position ensures continuous monitoring of the TIERS ecosystem and drives rapid mitigation of threats to minimize operational and reputational risk to the agency.
Operating at a senior leadership level, the Director collaborates closely with infrastructure, application development, cloud engineering, privacy, and program leadership to embed security into the TIERS technology lifecycle. The role is accountable for operational security readiness, attack surface reduction, and maintaining a mature defensive posture against advanced threats targeting public-sector systems.
Risk management, governance, compliance oversight, audit coordination, and regulatory control validation are performed by the HHSC Risk and Compliance divisions This position partners with those teams to operationalize controls but does not own compliance functions, ensuring clear separation of duties and alignment with enterprise governance.
The Director III exercises extensive independent judgment, leads high-impact cyber response activities, manages senior security personnel, and contributes to the long-term modernization of HHSC cybersecurity capabilities.
Essential Job Functions (EJFs):
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.
(30%) TIERS Security Operations Leadership • Provide executive oversight for SOC operations protecting the TIERS environment and interconnected systems. • Establish operational security strategy, priorities, and performance metrics aligned with agency cyber objectives. • Direct advanced threat detection, triage, investigation, and response activities. • Lead cyber incident command for TIERS-related events and coordinate cross-functional response efforts. • Ensure continuous monitoring capabilities provide full visibility across application, database, identity, network, and cloud layers. • Mature SOC processes through automation, orchestration, and intelligence-driven defense. • Deliver executive briefings during major incidents and communicate risk posture to CISO leadership.
(25%) SIEM Strategy & Detection Engineering • Provide strategic oversight of SIEM capabilities supporting TIERS, including platforms such as Splunk and Microsoft Sentinel. • Ensure comprehensive log ingestion across TIERS infrastructure, applications, and security tooling. • Champion detection engineering practices to improve identification of sophisticated attack patterns. • Oversee development of correlation rules, behavioral analytics, and threat intelligence integrations. • Reduce alert fatigue by improving signal fidelity and optimizing detection logic. • Support enterprise logging standards and forensic readiness.
(20%) Vulnerability Management & Penetration Testing • Direct vulnerability management activities for TIERS using enterprise tools such as Qualys. • Ensure timely identification, prioritization, and remediation of critical and high-risk vulnerabilities. • Partner with system owners and infrastructure teams to reduce systemic weaknesses. • Provide executive oversight for penetration testing activities and validate remediation of findings. • Monitor exploit trends and proactively defend against emerging threats. • Establish attack surface reduction strategies aligned with Zero Trust principles.
(15%) TIERS Platform & Cloud Security • Oversee security operations across hybrid and cloud-hosted TIERS components. • Ensure continuous monitoring for misconfigurations, exposed services, identity compromise, and privilege escalation. • Collaborate with architecture teams to embed security controls into platform design. • Strengthen identity security, privileged access protections, and segmentation strategies. • Support secure modernization initiatives impacting eligibility systems.
(5%) Partnership with Risk & Compliance • Collaborate with Risk and Compliance teams to operationalize security controls. • Provide operational evidence and technical support for audits and assessments when requested. • Translate operational threats into actionable intelligence for governance stakeholders. • Maintain clear separation between operational security and compliance ownership.
(5%) Other Duties as Assigned
Includes participation in emergency response, cybersecurity incidents, legislative inquiries, and Continuity of Operations (COOP) activities as required.
Knowledge, Skills and Abilities (KSAs):
Executive-level knowledge of Security Operations and large-scale cyber defense programs. Deep knowledge in SIEM platforms such as Splunk, Sentinel, or equivalent enterprise tools. Advanced knowledge of penetration testing methodologies and remediation practices. Knowledge of hybrid and cloud security architectures. Knowledge of attacker tactics, techniques, and procedures mapped to MITRE ATT&CK. Skilled in building metrics, dashboards, and operational reporting for leadership. Skilled in leading vulnerability management programs utilizing platforms such as Qualys. Exceptional communication and stakeholder management skills. Strong leadership capability managing high-performing technical teams. Ability to translate cyber risk into operational and business impact for executive audiences. Ability to operate decisively during high-severity incidents. Proven ability to lead teams during high-impact cyber events. Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
Registrations, Licensure Requirements or Certifications:
Preferred certifications include one or more of the following: • CISSP or CISSP-ISSMP • CISM • GIAC (GCIH, GCIA, or GCED) • Certified Cloud Security Professional (CCSP) • AWS Security Specialty or Azure Security Engineer • Certified Ethical Hacker (CEH)
Initial Screening Criteria: • Minimum 10+ years of progressive cybersecurity experience. • At least 5 years in a senior leadership role within Security Operations or cyber defense. • Experience managing SIEM, vulnerability management, and incident response programs. • Experience securing large, mission-critical enterprise applications.
Additional Information:
Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.
Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual
#LI-IN1
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Active Duty, Military, Reservists, Guardsmen, and Veterans :
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.
ADA Accommodations:
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Pre-Employment Checks and Work Eligibility:
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.
HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form
Telework Disclaimer:
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.
Functional Title:
TIERS Cybersecurity Operations Director Job Title:
Director III Agency:
Health & Human Services Comm Department:
TIERS OAPD Staff CISO Posting Number:
13645 Closing Date:
04/06/2026 Posting Audience:
Internal and External Occupational Category:
Computer and Mathematical Salary Group:
TEXAS-B-28 Salary Range:
$7,716.66 - $13,051.00 Pay Frequency:
Monthly Shift:
Day Additional Shift:
Days (First) Telework: Travel: Regular/Temporary:
Regular Full Time/Part Time:
Full time FLSA Exempt/Non-Exempt:
Exempt Facility Location: Job Location City:
AUSTIN Job Location Address:
1609 CENTRE CREEK Other Locations: MOS Codes:
8003,8040,8041,8042,10C0,111X,112X,113X,114X,20C0,30C0,40C0,611X,612X,631X,641X,648X,90G0,91C0,91W0 97E0,SEI15
Brief Job Description:
This position is open to permanent residents or U.S. citizens only.
The
TIERS Cybersecurity Operations Director
serves as the executive leader responsible for cybersecurity operations supporting the Texas Integrated Eligibility Redesign System (TIERS) environment and associated platforms. This role provides strategic direction, operational oversight, and technical leadership to ensure the confidentiality, integrity, and availability of one of HHSC's most mission-critical systems supporting benefits delivery to Texans.
The Director oversees Security Operations Center (SOC) activities specific to TIERS, including threat detection, SIEM strategy, vulnerability management, penetration testing coordination, and cyber incident response. This position ensures continuous monitoring of the TIERS ecosystem and drives rapid mitigation of threats to minimize operational and reputational risk to the agency.
Operating at a senior leadership level, the Director collaborates closely with infrastructure, application development, cloud engineering, privacy, and program leadership to embed security into the TIERS technology lifecycle. The role is accountable for operational security readiness, attack surface reduction, and maintaining a mature defensive posture against advanced threats targeting public-sector systems.
Risk management, governance, compliance oversight, audit coordination, and regulatory control validation are performed by the HHSC Risk and Compliance divisions This position partners with those teams to operationalize controls but does not own compliance functions, ensuring clear separation of duties and alignment with enterprise governance.
The Director III exercises extensive independent judgment, leads high-impact cyber response activities, manages senior security personnel, and contributes to the long-term modernization of HHSC cybersecurity capabilities.
Essential Job Functions (EJFs):
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.
(30%) TIERS Security Operations Leadership • Provide executive oversight for SOC operations protecting the TIERS environment and interconnected systems. • Establish operational security strategy, priorities, and performance metrics aligned with agency cyber objectives. • Direct advanced threat detection, triage, investigation, and response activities. • Lead cyber incident command for TIERS-related events and coordinate cross-functional response efforts. • Ensure continuous monitoring capabilities provide full visibility across application, database, identity, network, and cloud layers. • Mature SOC processes through automation, orchestration, and intelligence-driven defense. • Deliver executive briefings during major incidents and communicate risk posture to CISO leadership.
(25%) SIEM Strategy & Detection Engineering • Provide strategic oversight of SIEM capabilities supporting TIERS, including platforms such as Splunk and Microsoft Sentinel. • Ensure comprehensive log ingestion across TIERS infrastructure, applications, and security tooling. • Champion detection engineering practices to improve identification of sophisticated attack patterns. • Oversee development of correlation rules, behavioral analytics, and threat intelligence integrations. • Reduce alert fatigue by improving signal fidelity and optimizing detection logic. • Support enterprise logging standards and forensic readiness.
(20%) Vulnerability Management & Penetration Testing • Direct vulnerability management activities for TIERS using enterprise tools such as Qualys. • Ensure timely identification, prioritization, and remediation of critical and high-risk vulnerabilities. • Partner with system owners and infrastructure teams to reduce systemic weaknesses. • Provide executive oversight for penetration testing activities and validate remediation of findings. • Monitor exploit trends and proactively defend against emerging threats. • Establish attack surface reduction strategies aligned with Zero Trust principles.
(15%) TIERS Platform & Cloud Security • Oversee security operations across hybrid and cloud-hosted TIERS components. • Ensure continuous monitoring for misconfigurations, exposed services, identity compromise, and privilege escalation. • Collaborate with architecture teams to embed security controls into platform design. • Strengthen identity security, privileged access protections, and segmentation strategies. • Support secure modernization initiatives impacting eligibility systems.
(5%) Partnership with Risk & Compliance • Collaborate with Risk and Compliance teams to operationalize security controls. • Provide operational evidence and technical support for audits and assessments when requested. • Translate operational threats into actionable intelligence for governance stakeholders. • Maintain clear separation between operational security and compliance ownership.
(5%) Other Duties as Assigned
Includes participation in emergency response, cybersecurity incidents, legislative inquiries, and Continuity of Operations (COOP) activities as required.
Knowledge, Skills and Abilities (KSAs):
Executive-level knowledge of Security Operations and large-scale cyber defense programs. Deep knowledge in SIEM platforms such as Splunk, Sentinel, or equivalent enterprise tools. Advanced knowledge of penetration testing methodologies and remediation practices. Knowledge of hybrid and cloud security architectures. Knowledge of attacker tactics, techniques, and procedures mapped to MITRE ATT&CK. Skilled in building metrics, dashboards, and operational reporting for leadership. Skilled in leading vulnerability management programs utilizing platforms such as Qualys. Exceptional communication and stakeholder management skills. Strong leadership capability managing high-performing technical teams. Ability to translate cyber risk into operational and business impact for executive audiences. Ability to operate decisively during high-severity incidents. Proven ability to lead teams during high-impact cyber events. Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
Registrations, Licensure Requirements or Certifications:
Preferred certifications include one or more of the following: • CISSP or CISSP-ISSMP • CISM • GIAC (GCIH, GCIA, or GCED) • Certified Cloud Security Professional (CCSP) • AWS Security Specialty or Azure Security Engineer • Certified Ethical Hacker (CEH)
Initial Screening Criteria: • Minimum 10+ years of progressive cybersecurity experience. • At least 5 years in a senior leadership role within Security Operations or cyber defense. • Experience managing SIEM, vulnerability management, and incident response programs. • Experience securing large, mission-critical enterprise applications.
Additional Information:
Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.
Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual
#LI-IN1
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Active Duty, Military, Reservists, Guardsmen, and Veterans :
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.
ADA Accommodations:
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Pre-Employment Checks and Work Eligibility:
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.
HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form
Telework Disclaimer:
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.