Information Security Analyst II

About The Position

Requirements

• Graduation from an accredited four-year college or university with a bachelor's degree in a computer or information science discipline, IT/cyber security, network or IT systems administration, engineering; or a bachelor's degree in a business or related field that has been supplemented by at least 18 credit hours of intermediate computer science coursework.
• At least one year of experience in information security systems, network security, or cyber security.

Nice To Haves

• Knowledge and experience with implementing and assessing compliance with information technology and privacy protection regulation and standards such as HIPAA, PCI-DSS, CJIS, VA Code and Federal PII protections.
• Understanding and experience with network and security architecture, multiple operating system platforms, identity management, access control, databases, web applications, and other evolving mobile and cloud technologies.
• Experience with malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host-based intrusion detection/prevention systems.

Responsibilities

• Developing security policies, standards, and operating procedures to comply with federal and state regulations.
• Participating in internal and external security assessments and audits.
• Handling data preservation and collection requests related to legal matters, Virginia Freedom of Information Act (VFOIA) requests, internal investigations, forensic investigations, and other eDiscovery requests.
• Conducting agency outreach and security awareness training programs.
• Investigating security incidents and providing resolutions based on alerts and events from security dashboards, such as a Security Information and Event Management (SIEM) system, vulnerability scans, or penetration testing assessments.
• Implementing, administering, and supporting security systems, including host endpoint protection, data loss prevention, network-based intrusion detection and prevention systems, application layer firewalls, vulnerability management, forensic tools, and other infrastructure managed by the ISO.
• Coordinating daily with other divisions within the Department of Information Technology (DIT), Agency Information Security Coordinators, IT Analysts, and external entities on information security matters.
• Serving as a general technical and operational advisor on cybersecurity issues for the ISO.
• Keeping up to date with current and evolving cybersecurity trends and pursuing relevant industry certifications.
• Supporting and responding to emergency IT events and assisting with County Emergency Operations Center activations as needed.
• Performing other duties as assigned.