Position Description

Cyber Security Analyst

Anticipated Starting Salary Range: $80,000 - $100,000

Starting Salary Commensurate with Qualifications and Experience

The State Corporation Commission's (SCC) Office of Information Security (OIS) seeks an experienced Cyber Security Analyst to join our Security Operation Center (SOC) team. The Cyber Security Analyst will collaborate with technical resources to support efforts in protecting the SCC's infrastructure and network from cyber-attacks. Responsibilities of the Cyber Security Analyst position will include the following:

- Perform comprehensive vulnerability assessments and continuous monitoring across the SCC.

- Conduct periodic audits and vulnerability scans of OS, hardware, web, and applications.

- Manage the entire vulnerabilities lifecycle including discovery, triage, advising, remediation, and validation.

- Manage vulnerability-related tickets to ensure issues are remediated timely.

- Mitigate and remediate vulnerabilities and document all vulnerability findings and remediation efforts.

- Examine systems and applications to assess the SCC's current security posture.

- Review vulnerability data from internal vulnerability monitoring tools, external vulnerability monitoring tools, and penetration testing engagements.

- Create and present reports based on vulnerability metrics and initiatives to senior leadership.

- Generate comprehensive reports regarding outcomes, assessment findings, and proposals for further security enhancements.

- Coordinate with internal divisions to update security policies based on findings.

- Identify and define security requirements for hardware, software, networking, and cloud resources.

- Support training related to information technology and cybersecurity-related issues.

- Maintain awareness of industry best practices, the current threat landscape, and emerging threats and vulnerabilities.

- Monitor for newly published vulnerabilities applicable to the SCC's environment, including zero days.

- Monitor for active security incidents, respond accordingly, and complete security incident post-mortems.

- Maintain security baselines with the industry-standard tooling for security benchmarks and assessments.

- Design technical solutions for network boundary protection, endpoint security, access control, auditing, log management, and event management.

- Perform incident handling, response, and reporting.

- Perform security impact assessments as part of change management.

- Perform other related duties as assigned.

The SCC offers very flexible remote options, career growth opportunities, professional development, and on-the-job training.

Qualifications
Preferred Qualifications

- Professional experience working in information/cyber security including experience with computer network testing and techniques, the vulnerabilities lifecycle, network security management tools, and with Windows, Linux, and/or other Unix-like variants.

- Experience with core vulnerability management scanners (such as Rapid7, Nexpose, and Qualys) and web application scanners (such as AppSpider, WebInspect, Netsparker, and Burp).

- A strong understanding of TCP, UDP, HTTP, IP and other network protocols.

- Familiarity with Enterprise Mobility and Security Suite (EM+S), Advanced Threat Protection (ATP), Azure Information Protection (AIP) and Intune, Azure Key Vault, Azure Security Center, and OMS.

- Knowledge of server and client operating systems.

- Excellent verbal and written communication skills, as well as the ability to present information clearly.

- Ability to automate the provisioning and configuration of IT environments, including tools, such as Azure Resource Manager (ARM) templates, Puppet, Chef, Ansible, or PowerShell tools.

- Strong initiative and the ability to troubleshoot and resolve issues.

- Ability to work well both independently and in a team environment.

- Ability to perform forensics and investigate and analyze breaches or other compromises occurred.

- Ability to maintain effective, professional working relationships with SCC end users and technical staff.

- Bachelor's Degree in Information Technology, Cyber Security, Information Systems, Computer Science, or a related field is preferred but not required.

- Experience with Cloud security and monitoring services in Azure is considered a plus.

SCC Information

Located in downtown Richmond, Virginia, the SCC is a state agency with regulatory authority over many business and economic interests in Virginia. More information about the SCC may be found on our website: www.scc.virginia.gov .

The SCC offers rewarding, impactful work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce with a commitment to diversity and inclusion, collaboration, and alignment with the SCC's mission and strategic goals. Core benefits provided to SCC employees include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings including employer matching. The state also funds a short and long-term disability program.

The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC unless otherwise permitted. Employees also shall report employment of household members by a regulated company.

The SCC is an Equal Opportunity Employer. Military veterans and national service alumni are encouraged to apply. The SCC uses the E-Verify system to confirm identity and work authorization and does not provide sponsorship. If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation in order to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment.

The information you submit must clearly demonstrate your experience and qualifications as they relate to this position. Interview consideration is based on the information submitted online.

This position is classified in the SCC Salary Structure as a Grade P-11 and is exempt from the provisions of the Fair Labor Standards Act (FLSA).

How To Apply

This position will remain open until filled; however, interested candidates are strongly encouraged to apply by June 28, 2024 .

Qualified internal and external candidates are encouraged to apply. If you are an external candidate, apply by clicking the Apply Now button on this page. If you are an internal candidate, apply using eSCC (Oracle) - iRecruitment Employee Candidate.

Minimum Salary 80000.00 Maximum Salary 100000.00 Ad Close Date