Information Security Analyst II
Fairfax County Government, Fairfax, VA, United States
Job Announcement
This position supports operations of the DIT Information Security Office, Security Monitoring & Incident Response organizational unit. Also supports the implementation, operation, and maintenance of security applications and devices for the county's enterprise information technology infrastructure, monitors the county's enterprise, investigating and responding to cybersecurity incidents, conducts security compliance audits and assessments, and develops and enforces policies, standards, and guidelines as part of the county's cybersecurity and information security programs.
Responsibilities
Developing security policies, standards, and operating procedures to comply with federal and state regulations.
Participating in internal and external security assessments and audits.
Investigating security incidents and providing resolutions based on alerts and events from security dashboards, such as a Security Information and Event Management (SIEM) system, vulnerability scans, or penetration testing assessments.
Implementing, administering, and supporting security systems, including host endpoint protection, data loss prevention, network‑based intrusion detection and prevention systems, application layer firewalls, vulnerability management, forensic tools, and other infrastructure managed by the ISO.
Coordinating daily with other divisions within the Department of Information Technology (DIT), Agency Information Security Coordinators, IT Analysts, and external entities on information security matters.
Serving as a general technical and operational advisor on cybersecurity issues for the ISO.
Keeping up to date with current and evolving cybersecurity trends and pursuing relevant industry certifications.
Supporting and responding to emergency IT events and assisting with County Emergency Operations Center activations as needed.
Performing other duties as assigned.
Employment Standards
Minimum Qualifications:
Graduation from an accredited four‑year college or university with a bachelor’s degree in a computer or information science discipline, IT/cyber security, network or IT systems administration, or engineering;
or a bachelor’s degree in a business or related field supplemented with at least 18 credit hours of intermediate computer science coursework; plus one year of experience in information security systems, network security, or cyber security.
Necessary Special Requirements:
The appointee to this position will be required to complete a criminal background check to the satisfaction of the employer.
Preferred Qualifications:
Experience working in an enterprise environment that has diverse compliance requirements for the privacy and security of data and systems (e.g., HIPAA, PCI‑DSS, PII or other relevant regulation).
Knowledge and experience with implementing and assessing compliance with information technology and privacy protection regulation and standards such as HIPAA, PCI‑DSS, CJIS, VA Code, Federal PII protections, and other institutional technology standards and best practices defined by NIST, ISO 27000 series, OWASP, and SANS Top 20 Security Controls.
Experience using technology that assists with ensuring compliance to IT Security Policy, IT Standards and Procedures of an enterprise.
Understanding and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, to include but not limited to malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host‑based intrusion detection/prevention systems.
Experience implementing and/or administering enterprise security devices such as endpoint protection and/or firewalls.
Experience with identity management and other access controls.
Physical Requirements
Work is generally sedentary, performed in a normal office environment. All duties performed with or without reasonable accommodations.
Fairfax County Government prohibits discrimination on the basis of race, color, religion, national origin, sex, pregnancy, childbirth or related medical conditions, age, marital status, disability, sexual orientation, gender identity, genetics, political affiliation, or military status in the recruitment, selection, and hiring of its workforce. Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act. TTY 703‑222‑7314. DHREmployment@fairfaxcounty.gov EEO/AA/TTY.
#J-18808-Ljbffr
This position supports operations of the DIT Information Security Office, Security Monitoring & Incident Response organizational unit. Also supports the implementation, operation, and maintenance of security applications and devices for the county's enterprise information technology infrastructure, monitors the county's enterprise, investigating and responding to cybersecurity incidents, conducts security compliance audits and assessments, and develops and enforces policies, standards, and guidelines as part of the county's cybersecurity and information security programs.
Responsibilities
Developing security policies, standards, and operating procedures to comply with federal and state regulations.
Participating in internal and external security assessments and audits.
Investigating security incidents and providing resolutions based on alerts and events from security dashboards, such as a Security Information and Event Management (SIEM) system, vulnerability scans, or penetration testing assessments.
Implementing, administering, and supporting security systems, including host endpoint protection, data loss prevention, network‑based intrusion detection and prevention systems, application layer firewalls, vulnerability management, forensic tools, and other infrastructure managed by the ISO.
Coordinating daily with other divisions within the Department of Information Technology (DIT), Agency Information Security Coordinators, IT Analysts, and external entities on information security matters.
Serving as a general technical and operational advisor on cybersecurity issues for the ISO.
Keeping up to date with current and evolving cybersecurity trends and pursuing relevant industry certifications.
Supporting and responding to emergency IT events and assisting with County Emergency Operations Center activations as needed.
Performing other duties as assigned.
Employment Standards
Minimum Qualifications:
Graduation from an accredited four‑year college or university with a bachelor’s degree in a computer or information science discipline, IT/cyber security, network or IT systems administration, or engineering;
or a bachelor’s degree in a business or related field supplemented with at least 18 credit hours of intermediate computer science coursework; plus one year of experience in information security systems, network security, or cyber security.
Necessary Special Requirements:
The appointee to this position will be required to complete a criminal background check to the satisfaction of the employer.
Preferred Qualifications:
Experience working in an enterprise environment that has diverse compliance requirements for the privacy and security of data and systems (e.g., HIPAA, PCI‑DSS, PII or other relevant regulation).
Knowledge and experience with implementing and assessing compliance with information technology and privacy protection regulation and standards such as HIPAA, PCI‑DSS, CJIS, VA Code, Federal PII protections, and other institutional technology standards and best practices defined by NIST, ISO 27000 series, OWASP, and SANS Top 20 Security Controls.
Experience using technology that assists with ensuring compliance to IT Security Policy, IT Standards and Procedures of an enterprise.
Understanding and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, to include but not limited to malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host‑based intrusion detection/prevention systems.
Experience implementing and/or administering enterprise security devices such as endpoint protection and/or firewalls.
Experience with identity management and other access controls.
Physical Requirements
Work is generally sedentary, performed in a normal office environment. All duties performed with or without reasonable accommodations.
Fairfax County Government prohibits discrimination on the basis of race, color, religion, national origin, sex, pregnancy, childbirth or related medical conditions, age, marital status, disability, sexual orientation, gender identity, genetics, political affiliation, or military status in the recruitment, selection, and hiring of its workforce. Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act. TTY 703‑222‑7314. DHREmployment@fairfaxcounty.gov EEO/AA/TTY.
#J-18808-Ljbffr