Security Analyst Consultant

Statement of Work (SOW) for Contingent Labor Request

Primary Work Location:
10311 Wilson Rd
Blythewood SC 29016
# of Openings:
1
Company / Department culture (why do you enjoy working for the company selling points for potential candidates):
The South Carolina Department of Motor Vehicles (SCDMV) prioritizes secure and efficient IT systems to ensure the integrity of motor vehicle licensing and titling data. We cultivate a security-focused culture guided by our core values of competence commitment and courtesy where IT professionals play a vital role in protecting sensitive information and upholding public trust.
Why is this position open (new role increased workload new dept resignation promotion) This is a ReBid.

What types of staffing challenges or headaches have you experienced in the past
Quality of Resume
Resume needs to be specific and describe not just list candidates experience with the relevant technologies in a professional capacity. Non-professional experience may be referenced but will not be highly regarded.
Candidate Quality
Candidate must demonstrate positive attitude and be able to work with a diverse team of varying skill levels contributing Constructive ideas and criticism. Excellent communication skills are required.
Scope of the project:
Enhance the security posture of the South Carolina Department of Motor Vehicles (SCDMV) to protect sensitive citizen data and ensure the integrity of motor vehicle licensing and titling systems.

Pre-employment Checks (drug credit criminal motor vehicle)
Drug Credit Criminal

Daily Duties / Responsibilities:
Champion DevSecOps through Security Automation: Leverage your full-stack development expertise to design implement and maintain security tools and automation. This includes building scripts to automate critical tasks like data security checks vulnerability scanning and user access control streamlining security processes and improving overall efficiency.
Monitor and analyze security events: Youll be responsible for monitoring security information and event management (SIEM) tools to identify potential threats and suspicious activity. Along with determine security gaps in these controls to improve overall security posture. This will also involve analyzing logs investigating alerts and using your knowledge of security frameworks (NIST CIS CISA) to assess risk.
Support secure application development: Youll collaborate with developers to ensure secure coding practices are followed throughout the Software Development Lifecycle (SDLC). This might involve code reviews threat modeling and providing guidance on secure development principles.
Investigate and respond to security incidents: In the event of a security breach youll be part of the incident response team helping to identify the root cause mitigate damage and implement recovery procedures.
Document security procedures and best practices: Youll develop clear and concise documentation for security policies procedures and best practices. This may involve creating training materials or user guides to ensure everyone understands their role in maintaining security.
Provide on-call support when needed and other related duties as required.
Required Skills (rank in order of importance):
Exceptional communication and interpersonal skills with a proven ability to deliver exceptional customer service through training and documentation.
5 years of Expert level experience with C# Python powershell and rust (is a plus)
Understanding of secure by design principles.
1 year of Understanding of automation principles including the use of AI ML and scripting to streamline security tasks.
3 years of Understanding of the Software Development Lifecycle (SDLC) and DevSecOps principles to integrate security considerations throughout the application development process.
3 years of Proficiency in cloud security principles including identity and access management data security and compliance. Preferred Skills (rank in order of importance):
1 Year of Experience with SIEM (Security Information and Event Management) tools including configuration tuning threat hunting and alert creation.
1 Year of In-depth knowledge of security frameworks including NIST CIS and CISA and their application in a hybrid environment.
Solid understanding of incident response processes and experience in implementing them effectively.
Advanced understanding of security controls including their configuration and implementation in hybrid environments.
1 Year of Expertise in data classification and DLP (Data Loss Prevention) configuration to safeguard sensitive information.
Required Education:
A bachelors degree in information technology systems computer science cybersecurity or a related field. Relevant experience may be substituted for the degree on a year-for-year basis Preferred Certifications:
Not required however we prioritize applicants who have:
Certified Incident Handler (GCIH)
Certified Computer Security Incident Handler (CSIH)
EC-Council Certified Incident Handler (ECIH)
EC-Council Certified Network Defender (CND)
GIAC Critical Infrastructure Protection (GCIP)
GIAC Defensible Security Architecture (GDSA)

Interview Process (who will conduct i/v phone or in-person how many rounds of i/vs)
Virtual Interviews preferred
1 round of interviews Schedule Interview: How soon can you schedule an interview (date / times)

Interviews will be scheduled 3-4 days after posting closes.