TXCC - Cybersecurity Analyst V (Technical Exploitation Engineer)
Job
Texas Cyber Command
San Antonio, TX (In Person)
Full-Time
Job Description
TXCC - Cybersecurity Analyst V (Technical Exploitation Engineer) (00058375)

Organization: Texas Cyber Command
Primary Location: Texas-San Antonio
Work Locations: TXCC Headquarters 506 Dolorosa Street San Pedro One Building San Antonio 78204
Job: Computer and Mathematical
Employee Status: Regular
Schedule: Full-time
Standard Hours Per Week: 40.00
State Job Code: 0323
Salary Admin Plan: B
Grade: 31
Salary (Pay Basis): 13,750.00 - 14,416.66 (Monthly)
Number of Openings: 1
Overtime Status: Exempt
Job Posting: May 13, 2026, 9:15:11 AM
Closing Date: May 27, 2026, 11:59:00 PM

Description

How to Apply

Select the link below to search for this position: https://capps.taleo.net/careersection/371/jobsearch.ftl?lang=en
Enter the job posting number " " in the keyword search.
You must create a CAPPS Career Section candidate profile or be logged in to apply.
Update your profile and apply for the job by navigating through the pages and steps.
Once ready, select "Submit" on the "Review and Submit" page.
If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

TXCC is seeking a Technical Exploitation Engineer (Reverse Engineer / Vulnerability Researcher) to perform highly advanced (senior-level) cybersecurity analysis, serving as a technical expert supporting the Cyber Threat Intelligence Center's investigations and adversary capability efforts. Working under minimal supervision with extensive latitude for independent judgment, the role analyzes exploits, malware, and adversary tooling; identifies vulnerabilities and recurring technical dependencies; and converts analyst signals and incident artifacts into actionable technical insight. Responsibilities include developing and evaluating security measures to protect systems and infrastructure, conducting vulnerability and software security analysis, and producing technical findings that support detection, incident response, threat assessment, and platform hardening.

Essential Job Duties

Reverse Engineering and Exploitation Research

Performs highly advanced technical analysis of malicious software, adversary tooling, and exploit mechanisms to determine functionality, capability, and operational use.
Identifies vulnerabilities, exploit chains, and recurring technical dependencies across software, hardware, and platform configurations relevant to agency systems and critical infrastructure.
Conducts exploit capture and technical collection activities, including coordination with internal teams, vendors, and external partners.
Applies low-level systems knowledge to analyze binaries, memory artifacts, and system behaviors to support discovery of previously unknown or unconfirmed exploitation activity.

Threat and Vulnerability Analysis

Analyzes cybersecurity threats, adversary tradecraft, and platform weaknesses to identify exploit-enabling conditions, trust boundary failures, and operational dependencies.
Hunts for evidence of exploitation across operational telemetry—including logs, endpoint data, and memory artifacts—distinguishing malicious activity from benign system behavior at scale.
Performs vulnerability assessments and technical risk analyses of systems, configurations, and access controls to identify weaknesses and recommend mitigation strategies.
Researches and evaluates threat indicators and behaviors to support the prevention, detection, containment, and remediation of cybersecurity threats.

Detection, Hardening, and Technical Output Development

Develops and implements technical outputs that support cybersecurity operations, including detection content, exploit signatures, and analytic artifacts.
Produces clear, actionable technical documentation and findings for internal stakeholders, leadership, and external partners to support incident response, threat assessment, and coordinated remediation efforts.
Recommends and supports the implementation of security measures and system safeguards to protect information systems and data from unauthorized access, modification, or destruction.
Contributes to the development and execution of system security plans and automated security compliance capabilities.

Operational Support, Collaboration, and Capability Development

Provides advanced technical support to analysts and operators during active cybersecurity investigations, including artifact analysis, capability assessment, and development of attribution-relevant findings.
Performs incident detection, analysis, and forensic investigation activities, including the recovery and examination of data from information systems and devices.
Monitors and analyzes cybersecurity alerts and system activity to identify and respond to potential threats.
Applies artificial intelligence and advanced analytic tools to enhance technical workflows, exercising sound judgment to validate outputs.
Maintains documentation of tools, techniques, and findings to support knowledge transfer, continuity of operations, and the onboarding of technical staff.

Qualifications

Minimum Qualifications

Five (5) years of experience in reverse engineering, vulnerability research, exploit development, or a closely related deep technical discipline.
Demonstrated experience performing low-level technical analysis of malware, adversary tooling, and system artifacts (e.g., binaries, memory, crash data, telemetry) to identify and validate exploitation activity.
Working knowledge of one or more processor architectures (e.g., x86/x64, ARM) at the instruction level.
Proficiency in at least one systems programming language and one scripting language commonly used in technical analysis.
Demonstrated ability to identify vulnerability classes, assess exploitability, and produce clear, actionable technical documentation for technical and analytic audiences.
Practical experience using AI-assisted tools to support technical analysis workflows, with the ability to evaluate output accuracy and reliability.

Preferred Qualifications

Experience:
Working in cyber threat intelligence, threat hunting, incident response, or security operations environments, including support to active investigations.
Analyzing adversary tooling associated with state-affiliated programs (e.g., China, Russia, Iran, DPRK).
Experience with embedded systems, firmware analysis, industrial control systems (ICS), or other specialized computing environments.
Identifying vulnerabilities in cloud platforms, identity systems, or widely deployed enterprise software, including familiarity with cross-cloud architectures and security considerations.
Developing exploits for offensive or research-focused cybersecurity operations.
Standing up or operating malware analysis infrastructure, sandboxing environments, or exploit research tooling.
Familiarity with CTI platforms, data standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) used in intelligence and security operations workflows.
Working with SIEM, log aggregation, or large-scale telemetry platforms in operational environments.
Engaging with software or hardware vendors on vulnerability disclosure or coordinated remediation.
Demonstrated public technical contributions (e.g., CVEs, conference presentations, published research, or open-source tooling).
Integrating AI/LLM APIs into production workflows, including prompt design, evaluation, and performance or cost considerations.
Involvement in government, critical infrastructure, or other environments with elevated security and data handling requirements.

Licensure:
GIAC Reverse Engineering Malware (GREM), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Exploit Developer (OSED), and/or GIAC Certified Incident Handler (GCIH)

Knowledge, Skills, and Abilities

Knowledge of cybersecurity principles, including adversary tradecraft, exploitation techniques, vulnerability classes, and incident response practices.
Knowledge of computer systems, networks, operating systems, and security technologies, including system capabilities, limitations, and attack surfaces.
Knowledge of cybersecurity controls, security architecture, and practices used to protect information systems and infrastructure.
Knowledge of applicable laws, regulations, and standards governing information security and data protection.
Skill in analyzing complex technical information, including system artifacts and security data, to identify patterns, assess risk, and develop actionable conclusions.
Skill in clearly communicating complex technical findings—both orally and in writing—to technical and non-technical audiences, and translating technical detail into operationally relevant insights.
Skill in the use and application of cybersecurity tools, platforms, and technologies to support detection, analysis, monitoring, and protection of systems and data.
Skill in presenting information, providing recommendations, and engaging with stakeholders in a clear, professional, and effective manner.
Ability to evaluate technical findings, assess confidence and limitations of available evidence, and determine readiness for operational use.
Ability to connect low-level technical analysis to broader operational impact, including translating findings into actionable outcomes for detection, response, and risk mitigation.
Ability to resolve complex cybersecurity issues in diverse environments and to plan, develop, and maintain effective security processes and controls.
Ability to work independently with minimal supervision, apply sound judgment, collaborate effectively, and utilize advanced tools (including AI) while validating outputs and mitigating risk.

Working Conditions

Required to work 8 hours per day, 5 days per week
May be required to work overtime, holidays, weekends, and hours other than regularly scheduled with supervisor approval
May be required to operate a state vehicle or vehicle on behalf of the State
Required to travel with possible overnight stays, as necessary
Required to conform to dress and grooming standards, work rules, and safety procedures
Required to follow non-smoking policy in all state buildings and vehicles

Military Occupation Specialty Code

The Military Occupation Specialty Codes applicable to this position can be found at this link.

Special Instructions

Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification. Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Interview Place/Time

Candidates will be notified for appointments as determined by the selection committee.

Selective Service Registration

Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.

H-1B Visa Sponsorship

We are unable to sponsor or take over sponsorship of an employment Visa at this time. Must be a citizen of the United States.

Equal Opportunity Employer

Texas Cyber Command does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-463-5920 to request reasonable accommodation.