Software Developer 2

Texas Health and Human Services Commission requires the services of 1 Software Developer 2 hereafter referred to as Candidate(s) who meets the general qualifications of Software Developer 2 Applications/Software Development and the specifications outlined in this document for the Texas Health and Human Services Commission.

All work products resulting from the project shall be considered works made for hire and are the property of the Texas Health and Human Services Commission and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law. Texas Health and Human Services Commission will pay no fees for interviews or discussions which occur during the process of selecting a Candidate(s).

The Software Developer II performs advanced (senior-level) software development work focused on designing building testing and optimizing Microsoft Sentinel capabilities for DSHS projects. This role is responsible for developing custom automation playbooks analytics rules behavioral models connectors and integrations to support SOAR and UEBA functionality. The position works under limited supervision with considerable latitude for initiative independent judgment and technical leadership.

Essential Job Functions (EJFs)

1. Microsoft Sentinel SOAR Development (40%)

Designs develops tests and deploys Sentinel SOAR automation playbooks using Azure Logic Apps Azure Functions ARM templates and REST APIs.

Creates automated workflows for alert enrichment triage response actions notification processes and case management.

Integrates Sentinel with third-party systems (EDR IAM ticketing systems email gateways firewalls etc.) to automate security operations.

2. UEBA & Analytics Engineering (30%)

Develops custom UEBA detection rules anomaly models ML-based behavior patterns and advanced hunting queries (KQL).

Builds and maintains analytics content data parsers normalization rules and entity behavior profiles.

Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.

3. SIEM Content Development & Platform Engineering (15%)

Designs and implements custom data connectors ingestion pipelines and data transformation logic.

Creates dashboards workbooks hunting queries and detection-as-code assets.

Performs platform tuning to improve performance reduce noise and align to MITRE ATT&CK and Zero Trust principles.

4. Application Development & Integration (10%)

Develops supporting code modules scripts microservices and helper APIs using Python or similar languages.

Works with DevOps pipelines CI/CD processes version control and infrastructure-as-code where applicable.

5. Documentation Collaboration & Support (5%)

Writes technical design documents SOPs architecture diagrams and automation runbooks.

Collaborates with DSHS HHSC CISO Office and cross-functional stakeholders on requirements testing and deployment.

Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

Knowledge Skills and Abilities (KSAs)

Knowledge of:

Microsoft Sentinel architecture SOAR and UEBA capabilities.

Azure cloud services Logic Apps Azure Functions Event Hubs Key Vault and Azure AD.

Security operations processes (triage threat detection incident response threat modeling).

MITRE ATT&CK NIST CSF Zero Trust Architecture concepts.

Programming and scripting languages (Python PowerShell KQL C# JavaScript or equivalent).

CI/CD pipelines DevOps practices and Git-based version control.

API integrations and JSON/YAML structures.

Skills in:

Building Logic App workflows and custom Sentinel automation playbooks.

Writing complex KQL queries for analytics hunting and behavioral detection.

Developing custom connectors data maps and parsers.

Designing and optimizing UEBA detection models.

Debugging SOAR workflows and resolving integration issues.

Communicating technical information clearly to both technical and non-technical audiences.

Abilities to:

Work independently and take ownership of complex development tasks.

Translate security requirements into scalable technical solutions.

Analyze threat behaviors and develop meaningful detections.

Work collaboratively with cybersecurity infrastructure and application teams.

Manage multiple work assignments and meet deadlines.

II. CANDIDATE SKILLS AND QUALIFICATIONS

III. TERMS OF SERVICE

Services are expected to start 01/26/2026 and are expected to complete by 08/31/2026. Total estimated hours per Candidate shall not exceed 1512 hours. This service may be amended renewed and/or extended providing both parties agree to do so in writing.

IV. WORK HOURS AND LOCATION

Services shall be provided during normal business hours unless otherwise coordinated through the Texas Health and Human Services Commission. Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM excluding State holidays when the agency is closed.

The primary work location(s) will be at 701 W. 51st Austin TX 78751. The working position is On Site. Any and all travel per diem parking and/or living expenses shall be at the Candidates and/or Vendors expense. Texas Health and Human Services Commission will provide pre-approved written authorization for travel for any services to be performed away from the primary work location(s). Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees including any requirement for original receipts.

The Candidate(s) may be required to work outside the normal business hours on weekends evenings and holidays as requested. Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through Texas Health and Human Services Commission.