Application Security Analyst II

WHY WORK FOR DFPS?

The Texas Department of Family and Protective Services (DFPS) is responsible for protecting the unprotected — children, elderly, and people with disabilities — from abuse, neglect, and exploitation. DFPS accomplishes this responsibility by employing over 12,000 workers who live up to the agency's Mission, Vision, & Values in service to the citizens of Texas. DFPS is not only a qualifying organization for the Public Service Loan Forgiveness Program but also offers excellent health benefits, special discounts on many products and services through the Discount Purchase Program, longevity pay, generous paid leave, access to the Wellness program, lifetime retirement annuity, Texa$aver 401(k) and 457 Programs under the Employees Retirement System of Texas.

Brief Job Description:
The Texas Department of Family and Protective Services (DFPS) is seeking an entry-level Cybersecurity Analyst II specializing in Application Security. In this role, you will support and learn from experienced professionals as you help protect DFPS’s digital assets throughout the Software Development Life Cycle (SDLC). This is an excellent opportunity to launch your career in cybersecurity by gaining hands-on experience with modern application security tools and processes.

DFPS is dedicated to protecting children, the elderly, and people with disabilities from abuse, neglect, and exploitation. As an entry-level Cybersecurity Analyst II in Application Security, your efforts in identifying and mitigating application vulnerabilities will help safeguard these critical services and support the agency’s broader mission.

This position is classified as full-time (40 hours per week) and is 100% telework within Texas. The candidate must maintain personal Wi-Fi and webcam capabilities during work hours. Occasional work outside regular hours and travel to Austin offices may be necessary. The role operates with limited supervision, granting considerable latitude for initiative and independent judgment.

Essential Job Functions (EJFs):

Assist in implementing and maintaining application security measures across web, mobile, and API platforms. 10%

Collaborate with development and operations teams to ensure security checks are integrated early and throughout the SDLC. 10%

Work closely with IT, development, and security teams to support coordinated vulnerability management efforts. 10%

Support the incident response team with preliminary assessments and remediation efforts as needed. 10%

Participate in follow-up reviews to ensure vulnerabilities are effectively addressed. 10%

Work alongside senior analysts to monitor, assess, and document vulnerabilities within DFPS applications. 10%

Contribute to the creation and maintenance of security documentation and standard operating procedures. 10%

Perform basic application vulnerability scans under the guidance of senior team members. 10%

Analyze scan results, document findings, and assist in prioritizing remediation activities. 10%

Attend training sessions and participate in continuous learning initiatives to stay current with evolving application security threats and industry standards. 5%

Support and Maintain security scanning tools (such as SAST/DAST solutions) 5%

Registrations, Licensure Requirements or Certifications

NA

Knowledge, Skills, and Abilities statement:

• Ability to demonstrate a foundational understanding of application security platforms (e.g., SAST, DAST, IAST) and configure these tools to identify, prioritize, and remediate security risks in software applications.
• Ability to integrate application security data into broader cybersecurity platforms to enhance monitoring, reporting, and proactive threat response.
• Ability to understand and apply key industry standards and frameworks (e.g., OWASP, NIST, CJIS) to guide secure software development practices and ensure compliance with relevant requirements.
• Skill in comprehending the processes for detecting, prioritizing, and remediating vulnerabilities throughout the secure development lifecycle, with an emphasis on timely resolution.
• Ability to remain current on emerging vulnerabilities, tools, and trends in cybersecurity, thereby enhancing vulnerability management strategies.
• Ability to create clear and concise reports on identified vulnerabilities and remediation efforts, contributing to improved accuracy in security assessments over time.
• Ability to understand core aspects of application architecture—including web, mobile, and API-based systems—and recognize how these elements influence security scanning and remediation practices.
• Ability to identify and resolve basic issues related to application security tools, ensuring that these tools remain functional and available for ongoing assessments.
• Ability to stay informed about emerging application vulnerabilities, new security tools, and industry trends to continually enhance personal skills and support evolving security strategies.
• Skill in leveraging strong interpersonal and analytical abilities to contribute to effective teamwork and drive the continuous improvement of application security practices.
• Ability to convey technical concepts clearly to both technical and non-technical audiences, including the preparation of concise summaries and actionable recommendations.

Initial Screening Criteria:

• Graduation from an accredited four-year college or university focusing on cybersecurity, information technology, computer science, or a related field. Relevant work experience may be substituted for education on a year-for-year basis.
• Minimum of 1 years of hands-on experience in performing vulnerability assessments using tools such as SAST, DAST, or IAST, or participating in the software development lifecycle.

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. You may also contact the DFPS Military Liaison at dfpsmilvets@dfps.texas.gov with additional questions.

Applicants selected for hire must pass a background check and if applicable a driver’s record check.

As a state agency, DFPS is required by Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. The staff must be familiar with the WCAG 2.1 AA and Section 508 to create accessible content including but not limited to; Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files. 

DFPS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Employees must provide documentation to DFPS to show their identity and authorization to work in the US. Please review the following link for authorized documents: https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .

In compliance with the Americans with Disabilities Act (ADA), HHS/DFPS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS/DFPS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.