Cyber Security Engineer

Title: Cyber Security Engineer

State Role Title:Info Technology Specialist III

Hiring Range: $ 111000 - $140000

Pay Band: 6

Agency: Virginia Department of Health

Location:VDH-Central Office

Agency Website: Type: General Public - G

Job Duties

Performance Management (for employees who supervise others)
Serves in a managerial/supervisory capacity to conduct performance management activities and ensure onboarding/offboarding and training for staff
Establishes and reviews work assignments and priorities and implements performance improvement strategies and/or problem resolution for related issues in conjunction with program management and Human Resource staff
Ensures relevant training and workplace safety for staff
Conducts required performance monitoring and appraisals establishes clear performance expectations addresses deficiencies in a timely manner and documents underperformance in accordance with state guidelines
Supports employee growth through regular feedback coaching and professional development opportunities

Data Protection & Security Implementation
Performing remote or onsite PenTests on all VDH systems networks and applications to identify security weaknesses
Analyze the vulnerabilities and mitigation methods and provide reports which include findings risks and conclusions
Recommend security improvements and methods to mitigate security risks
Work with VDH IT to determine their testing requirements and create and implementing new penetration testing methods scripts and tool
Develop and implement strategies to safeguard computer data against accidental or unauthorized access modification destruction or other breaches.
Ensure the integrity of data and systems by conducting regular vulnerability scans security checks and updates.
Ensure that the latest security patches are installed across systems in a timely manner.
Oversee the maintenance and functionality of anti-virus protection systems ensuring the latest threat definitions are applied.
Monitor for new vulnerabilities and respond promptly to emerging security threats.
Conduct regular risk assessments to evaluate the security posture of data processing systems.
Ensure that sensitive and confidential information is appropriately encrypted when transmitted across networks to prevent unauthorized access.
Must have extensive knowledge of SIEM tool such as Splunk. Must be able to on-board new data sources and Ingest logs.
Periodic review of Errors/warnings reported by internal Splunk logs Log normalization (CIM); monitoring to ensure nothing has changed (e.g. CIM compliant logs have not changed in structure).
Expanding log source collection of an existing source type
Custom script development (e.g. for data collection or integration to non-standard products)
Deployment Server management to distribute Splunk Universal Forwarder (UF) instances
Syslog servers that collect data from infrastructure systems (firewalls IDS UPS or other syslog generating device)
Splunk heavy forwarders which can collect information from various databases or third-party systems

Technical Assistance & User Training
Maintain overall system security improve server and network efficiency and train users to promote security awareness and best practices.
Address security concerns through user education and tailored security protocols.
Work closely with internal users to understand and support a variety of technical issues including data access needs security violations and programming modifications.
Serve as a point of contact for users requiring assistance with security-related concerns.
Modify computer security files to incorporate new software correct errors or change individual access status.

Systems Maintenance & Coordination
Adapt and update security processes applications and tools to address evolving software requirements and correct identified errors.
Coordinate and schedule the implementation of data security protocols ensuring compliance with both internal policies and external vendor requirements.
Collaborate with vendors and internal staff to ensure that security measures align with organizational goals.
Works closely and collaboratively with the information technology team for resolving issues
Coordinates with IT and Business teams to address security issues in a collaborative manner
Coordinates security audit issues between Auditors and IT and works as a team

Documentation & Other Duties
Knowledge of NISTm800-53r5
Document and maintain clear policies procedures and guidelines related to computer security and emergency response measures.
Develop and manage security documentation for both compliance and operational reference.
Supports special projects as assigned.
May perform other duties as assigned; may be required to assist in the event of an emergency declaration.
Other duties as assign

Minimum Qualifications

Experience in cybersecurity data protection and risk management.
In-depth knowledge of security principles firewalls anti-virus software encryption and vulnerability testing.
Strong understanding of network protocols security technologies and system administration.
Ability to collaborate effectively with users vendors and internal teams.
Strong analytical skills and attention to detail in assessing risk and security needs.
Excellent communication skills both written and verbal.

Additional Considerations

Advanced knowledge in Computer Science Information Security or a related field.
Certification in cybersecurity (e.g. CISSP CISM CompTIA Security CC) is desirable.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.

VDH accepts only on-line applications. Faxed mailed or e-mailed applications will not be considered. Applications are accepted until 11:55 p.m. on the job closing date. Applications and/or resumes should include relevant work history which indicates your qualifications for this position. Supplemental questions are encouraged to be answered in a comprehensive manner and reference any pertinent knowledge skills and abilities as well as any previous experience that relates to the position.

Employment is contingent upon satisfactory results of a state and federal criminal history background check and the Department of Social Services Child Abuse and Neglect Central Registry check U.S. HHSIG Exclusion List check employment reference check and E-Verify. Other financial credit driving background checks or completion of Statement of Economic Interests may be required for certain positions

It is the policy of the Commonwealth and VDH that all aspects of human resource management be conducted without regard to race (or traits historically associated with race including hair texture hair type and protective hairstyles such as braids locks and twists); sex; color; national origin; religion; sexual orientation; gender identity or expression; age; veteran status; political affiliation; disability; genetic information; and pregnancy childbirth or related medical conditions. VDH employees have a shared Code of Ethics which can be found in the bottom banner of our website: .
If you have been affected by DHRM Policy 1.30 layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card) you must submit the card before the closing date for this position. The Card may be submitted with the state application as an attachment.

As a V3 (Virginia Values Veterans) employer VDH Welcomes Veterans to apply!

Contact Information

Name: Lindsay Schneider

Phone:

Email:

In support of the Commonwealths commitment to inclusion we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation if applicable to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1 2022- February 29 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.