Senior Cyber Security Analyst (Information Security Analyst III)
This job opportunity is being re-announced. Applicants who previously applied for this job do not need to re-apply; all applications will be considered.
Serves as a senior expert in the field of Cyber and IT security and privacy on the Information Security Office (ISO) team, assessing cyber threats, responds to cyber incidents and agencies' inquiries, while implementing and administering cyber security tools and systems to ensure secure enterprise-wide IT operations, performance, data, and resiliency. Implements, administers and supports security systems to include host endpoint protection, data loss prevention, network-based intrusion detection and prevention systems, application layer firewalls, vulnerability management and forensics utilities, and other infrastructure deployed and maintained by the ISO. Participates in internal and third-party security assessments and audits requiring interaction with agencies to remediate discovered system vulnerabilities. Operates Security Information and Event Management (SIEM) system and other security dashboards to monitor, research, and respond to cyber security related events and incidents due to data loss or system breach, malicious code, system configuration, and patch management issues. Duties requires daily coordination with other DIT divisions and Agency Information Security Coordinators and IT Analysts, and external entities. Participates in fulfilling data searches including legal electronic files preservation, Freedom of Information Act (FOIA), other data requests, investigations, and forensics. Act as general technical and operation advisor for cyber on behalf of the ISO. Stays abreast of Cyber Security and seeks to acquire or maintain industry certifications. Supports and responds to emergency IT events and supports County EOC activations as needed. Performs other duties as assigned. Requires the utmost integrity, judgment and discretion in carrying out duties, and requires an unimpeachable, clean background.
NECESSARY SPECIAL REQUIREMENTS:
The appointee to this position will be required to complete a criminal background check to the satisfaction of the employer.
Knowledge and experience with implementing and assessing compliance with information technology and privacy protection regulation and standards such as PII, HIPAA, PCI-DSS, and other institutional technology standards and best practices defined by NIST, ISO 27000 series, OWASP, and SANS Top 20 Security Controls. Understanding and experience with network and security architecture, multiple operating system platforms, databases, applications, WEB and other evolving mobile and cloud technologies, to include but not limited to the following: malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host-based intrusion detection/prevention systems. Experience in handling investigations and sensitive matters.
Work is generally sedentary performed in a normal work environment. All duties performed with or without reasonable accommodations.
It is the policy of Fairfax County Government to prohibit discrimination on the basis of race, sex, color, national origin, religion, age, veteran status, political affiliation, genetics, or disability in the recruitment, selection, and hiring of its workforce.
Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act. Contact 703-324-4900 for assistance. TTY 711. EEO/AA/TTY.