About Harris County and Universal Services:
Harris County Universal Services is transforming the way the County does business and seeking a Threat and Vulnerability Management Analyst to join our team.
Universal Services is the enterprise IT solutions center for the departments and offices of Harris County, providing Information Technology, Public Safety and Justice Technologies, 311 Constituent Engagement Services, Fleet Services, and Records and Information Governance Services.
Harris County is the third largest and most diverse county in the nation, with a population of more than 4.7 million. Harris County Commissioners Court, the County’s governing body, directs a budget of more than $4 billion providing essential services including flood control, infrastructure, healthcare, housing, and justice administration.
This is a great time to join Universal Services as we enhance critical services to Harris County residents and internal customers.
Position Overview:
The Threat & Vulnerability Management Analyst is responsible for identifying, investigating, and helping remediate cybersecurity threats and vulnerabilities across the enterprise. This role conducts vulnerability assessments, investigates security alerts, analyzes emerging threats, and collaborates with IT and security teams to strengthen the organization's security posture. The ideal candidate has strong analytical and investigative skills, a passion for cybersecurity, and the ability to translate technical findings into actionable recommendations.
Job Responsibilities:
Conduct continuous vulnerability scanning of servers, workstations, network devices, cloud resources, and applications to identify security weaknesses.
Analyze and prioritize vulnerabilities based on risk, exploitability, asset criticality, CVSS scores, and threat intelligence.
Coordinate remediation efforts with infrastructure, application, cloud, and endpoint teams to ensure vulnerabilities are addressed within established service-level objectives (SLOs).
Validate remediation activities by performing research and verifying that vulnerabilities have been successfully mitigated or remediated.
Monitor threat intelligence feeds, CISA advisories, vendor security bulletins, and zero-day vulnerabilities to assess organizational exposure.
Develop and maintain vulnerability management dashboards, metrics, and executive reports that track remediation progress, risk trends, compliance, and key performance indicators.
Investigate Security Operations Center (SOC) alerts to validate potential threats, determine scope and impact, and identify indicators of compromise (IOCs).
Investigate security events and anomalies to identify root causes, affected assets, attack vectors, and recommended remediation actions.
Support incident response by triaging SOC alerts, collecting evidence, documenting findings, and escalating confirmed security incidents in accordance with established procedures.
Correlate SOC alerts with vulnerability and asset data to determine whether identified security weaknesses contributed to the observed activity and recommend mitigation measures.
Maintain and optimize Threat and Vulnerability Management tools (e.g., Microsoft Defender Vulnerability Management, Rapid7), including scan configurations, asset inventories, and reporting.
Harris County is an Equal Opportunity Employer
https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx
If you need special services or accommodations, please call (713) 274-5445 or email
[email protected].
This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate. Education:
Experience:
Knowledge, Skills, and Abilities
Proficiency in using SIEM tools, firewalls, intrusion detection/prevention systems, and vulnerability scanners.
Familiarity with operating systems (Windows, Linux) and networking protocols.
Understanding of regulatory frameworks and compliance requirements.
Strong analytical, communication, and documentation skills.
NOTE: Qualifying education, experience, knowledge and skills must be documented in your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume" will not be accepted for qualifications.