Information Security Analyst

Virginia Information Technologies Agency, Richmond, VA
Hybrid

About The Position

The Virginia Department of Education is seeking an Information Security Analyst to maintain the agency’s IT security program in accordance with Commonwealth of Virginia IT Security policies and standards. This role will also support school divisions in security planning and student privacy. The analyst will conduct continuous monitoring of enterprise systems, investigate and respond to potential threats and incidents, perform real-time cyber threat intelligence analysis, and maintain security tools and dashboards. Additionally, the role involves assisting with the administration of Splunk, processing requests from application teams, creating and updating Security Operations SOPs, and contributing to the Incident Response Program.

Requirements

  • Considerable knowledge and experience with Commonwealth of Virginia IT Security policies and standards.
  • Demonstrated ability to document processes and procedures.
  • Experience in administration of Linux and Windows server operating systems.
  • Knowledge of network architecture and interfaces.
  • Experience in administration of Web Application Firewalls.
  • Comprehensive knowledge of Splunk SIEM.
  • Considerable knowledge of investigation and monitoring logs.
  • Ability to assist with audit requirements.
  • Considerable experience working in information technology, security or a related field.
  • Previous experience as an information security analyst or related position.
  • Ability to communicate effectively in both written and oral communications.
  • Knowledge of aspects of information security in the public education setting.
  • Knowledge of FERPA regulations.

Nice To Haves

  • College degree in information systems, computer science, or related field or demonstrated progressively responsible experience in information security.
  • Considerable knowledge of Splunk Enterprise and Cloud administration in Windows and Linux environments.
  • Information security industry certifications, such as Certified Ethical Hacker (CEH), CompTIA Security+, or Certified Information Security Manager (CISM), are highly desirable.

Responsibilities

  • Conduct continuous monitoring of enterprise systems using Splunk SIEM, WAF and other approved security tools to detect, investigate, and respond to potential threats and incidents impacting agency data and overall system security.
  • Triage and investigate alerts from Splunk, CrowdStrike, and other detection sources to determine validity, scope, and severity.
  • Perform real-time cyber threat intelligence analysis and correlate actionable security events utilizing Splunk, WAF and other approved security apps.
  • Monitor and review threat intelligence sources to identify emerging threats, vulnerabilities, and adversary tactics relevant to the agency and sector.
  • Maintain Splunk dashboards, alerts, and reports to ensure proactive detection.
  • Assist with administration and maintenance of Splunk Enterprise and Splunk Cloud, ensuring availability, performance, and stability across the hybrid environment (Windows and Linux).
  • Evaluate and process requests from application teams, ensuring each is documented and approved before implementation, and create rules to handle threats or application behaviors unique to the organization.
  • Create and update Security Operations SOPs, processes, or other documentation.
  • Contribute to the development and maintenance of the DOE Incident Response Program, including policy, procedures, and playbook scenarios.

Benefits

  • Teleworking options may be available.