I. DESCRIPTION OF SERVICES
Texas Health and Human Services Commission requires the services of 1 Systems Analyst 3 hereafter referred to as Candidate(s) who meets the general qualifications of Systems Analyst 3 Applications/Software Development and the specifications outlined in this document for the Texas Health and Human Services Commission. All work products resulting from the project shall be considered works made for hire and are the property of the Texas Health and Human Services Commission and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law. Texas Health and Human Services Commission will pay no fees for interviews or discussions which occur during the process of selecting a Candidate(s).
The Security Engineer will project work by leading security governance compliance and risk management activities with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance ensuring audit readiness effective vulnerability remediation and secure delivery of public-facing services across complex multi-platform environments.
Lead end to end System Security & Privacy Plan (SSP/SSPP) development maintenance and updates for enterprise systems
Drive remediation activities through POA&M management ensuring timely closure of compliance gaps
Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
Coordinate with application infrastructure and security teams to validate remediation through re-testing and evidence
Oversee risk-based vulnerability management including prioritization and SLA-driven remediation
Provide governance oversight for endpoint protection web application security and cloud security controls
Produce assessor ready documentation including configurations monitoring evidence approvals and incident traceability
Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years Required/Preferred Experience
12 Required deep focus on: Governance Risk and Compliance (GRC) Enterprise Security and Security Architecture Vulnerability Management and Penetration Testing Cloud Security and hybrid environments
10 Required Proven experience owning SSP development end to end
10 Required Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
10 Required Strong expertise in: Control implementation documentation Audit evidence collection and validation POA&M creation tracking and remediation management
8 Required Ability to translate technical security issues into compliance aligned remediation actions
8 Required Strong stakeholder management skills across security infrastructure and application teams
8 Required Excellent written and verbal communication skills particularly for executive stakeholders
8 Required Knowledge of NIST 800 53 NIST RMF and privacy controls
8 Required Knowledge of Secure SDLC and DevSecOps practices
5 Preferred Experience operating in multi-vendor multi-platform environments
5 Preferred Demonstrated ability to reduce repeat audit findings and improve compliance maturity
5 Preferred Experience mentoring or guiding teams on security governance best practices
1 Preferred Experience supporting HHSC systems including SSP development and compliance
III. TERMS OF SERVICE
Services are expected to start 03/16/2026 and are expected to complete by 08/31/2026. Total estimated hours per Candidate shall not exceed 1000 hours. This service may be amended renewed and/or extended providing both parties agree to do so in writing.
IV. WORK HOURS AND LOCATION
Services shall be provided during normal business hours unless otherwise coordinated through the Texas Health and Human Services Commission. Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM excluding State holidays when the agency is closed. The primary work location(s) will be at 4601 W 51st Austin Texas 78751. The working position is Hybrid - On Site and Telework. Any and all travel per diem parking and/or living expenses shall be at the Candidates and/or Vendors expense. Texas Health and Human Services Commission will provide pre-approved written authorization for travel for any services to be performed away from the primary work location(s). Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees including any requirement for original receipts. The Candidate(s) may be required to work outside the normal business hours on weekends evenings and holidays as requested. Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through Texas Health and Human Services Commission.
Who We Are & What We Do Established in 2005, Knowledge Builders Inc. (KBI) provides Information Technology Consulting, Administrative and Health Care Staffing solutions, Payrolling and Call Center services to companies and governmental entities of all sizes. KBI is a Woman-Owned Bus ... View more