Information Security Analyst

Hiring Range: $93,000 - $135,000

Full Time or Part Time: FULL TIME

Additional Detail

Job Description

To leverage knowledge and expertise in security to proactively identify and mitigate potential threats, vulnerabilities, and risks within the agency’s digital infrastructure. The mission is to uphold the confidentiality, integrity, and availability of critical data, thereby contributing to the resilience and trustworthiness of the agency’s ecosystem.

Responsibilities

The Information Security Analyst will:

• Perform vulnerability identification, analysis, and remediation through the collaboration with internal stakeholders across the agency, network, and application infrastructure
• Performs application security testing using automated tools and manual validation
• Coordinates and oversees third-party application security testing, reviews results, and assists with developing remediation strategies
• Evaluates, implements, and supports information security tools (OS, network, application)
• Assists with the development of policies, standards, guidelines, and procedures. Identifies areas of improvement for the information security program
  
  

Qualifications

• Demonstrated ability to understand and advise on network security architecture concepts, including protocols, components, and principles (e.g., application of Defense-in-Depth).
• Demonstrated ability to understand and advise information security requirements for projects, become familiar with common security weaknesses and defense strategies for new technologies, and coordinate testing with third-party vendors
• Demonstrated Knowledge of Ethernet Networking fundamentals, LAN\WAN technologies, network hardware and protocols, OSI stack, TCP/IP, wireless networks, secure communications methods, firewalls, IPS/IDS, privilege account management solutions, SIEM, WebFilters, Packet Capture Software, Forensic and Discovery Tools.
• Effective verbal and written communication skills, both with cybersecurity and industry experts, and nontechnical employees who need to follow security protocols but may not understand them on a technical level.
• Ability to effectively multi-task, work independently with minimal supervision, as well as within a team, in a fast-paced support environment
• Comprehensive understanding of multi-tier application architectures (3-tier, 4-tier etc.) as it relates to IT Security is required.
• Knowledge of securing operating systems, networking equipment, and applications
• Knowledge of Incident Response Plans.
• Familiarity with COV ITRM policies, standards, and guidelines
• Minimum: Application security testing experience including the use of automated security testing and manual validation techniques involving applications coded in one or more of the following languages: C#, Java, Java Script
• A combination of training, experience or coursework in Information Technology, Information Systems, a related field, or equivalent training and/or experience. Security , PenTest , CEH, GIAC, GPEN, GCIH, or other industry security certification.
• Must complete an annual Statement of Economic Interest and Virginia State and Local Conflict of Interest Act Training (bi-annually).
  
  

About Us

The Virginia Department of Environmental Quality (DEQ) is the primary environmental permitting agency in the Commonwealth of Virginia. It is responsible for administering laws and regulations related to air quality, water quality, water supply, renewable energy, and land protection. Through the dedication and work of over 800 employees across six regional offices and the Central Office in Richmond, DEQ issues permits, conducts monitoring and inspections, and enforces the law.