Job Announcement

The Fairfax County Department of Information Technology (DIT) Information Security Office (ISO) has an opening for an Information Security Analyst IV. Implements and administers cyber security systems ensuring secure enterprise-wide operations, performance, and resiliency. Daily operational activities include analyzing and responding to system generated security incident notifications. Remediates vulnerabilities directly or facilitate the assignment of issues to County staff or vendors. If required, enacts ISO emergency processes as deemed necessary to protect county systems and data from cyber-attacks and malware. This senior analyst position supervises, evaluates, and develops assigned IT cyber security staff. Works to continually improve IT security related procedures and policies. Documents IT cyber security architecture and system design guidelines. System designs will be evaluated by the analyst to ensure appropriate controls and IT cyber security measures are included. Ensures enterprise IT architecture is compliant with federal health, privacy, and financial regulations Other duties will include evaluating new cyber solutions, identifying performance metrics, deploying new technologies, anticipating new needs, assisting in developing ISO budget, promoting the County's IT security program, conducting audits and investigations. Monitors and stays abreast of the continuous evolving threat landscape and industry trends. Knowledge will be used for planning the improvement and standardization of the IT cybersecurity defense-in-depth strategy and processes across business units.

Employment Standards

MINIMUM QUALIFICATIONS:
Any combination of education, experience, and training equivalent to the following:
(Click on the aforementioned link to learn how Fairfax County interprets equivalencies for "Any combination, experience, and training equivalent to")
Graduation from an accredited four-year college or university with a bachelor's degree in a computer or information science discipline, IT/cyber security, network or IT systems administration, engineering; or a bachelor's degree in a business or related field that has been supplemented by at least 30 credit hours of intermediate computer science coursework; plus three years of experience in information security systems, network security, or cyber security.

NECESSARY SPECIAL REQUIREMENTS:
The appointee to this position will be required to complete a criminal background check to the satisfaction of the employer.

All newly hired employees are required to be fully vaccinated against COVID-19 (two weeks after the last required dose) as a condition of employment or obtain approval of a medical or religious exemption prior to their start date. Proof of an exemption or vaccination status will be required during the pre-employment onboarding process. New employees who obtain an exemption from the vaccine mandate for medical or sincerely held religious beliefs will still be subject to the weekly testing requirement. Vaccinated employees and employees with a medical or religious exemption will complete the attestation online on their first day of employment or shortly thereafter.

PREFERRED QUALIFICATIONS:
Thorough knowledge and experience implementing and assessing compliance with information technology and privacy protection regulation and standards such as HIPAA, PCI-DSS, and other institutional technology standards and best practices defined by NIST, ISO 27000 series, OWASP, and SANS Top 20 Security Controls. Extensive knowledge of IT security architecture design, processes and controls, data security and access control systems, identification and authentication, access control encryption and related matters. Understanding and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, to include but not limited to the following: malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host-based intrusion detection/prevention systems. Knowledge of system and network exploitation, attack pathologies and intrusion techniques, i.e., denial of services, malicious code, password cracking. Ability to communicate effectively. Capable of presenting and discussing technical information in a way that establishes rapport, persuades others, and gains understanding. Ability to maintain the highest level of judgement, ethics and integrity in handling sensitive and classified matters. Must maintain a relevant industry security certification such as CISSP, CISA, GIAC, Security + or other vendor specific security certification. Bachelor’s degree in Computer Science, Information Technology, or a related field preferred; minimum of five years of work experience in information technology security or infrastructure or system design, support, administration preferred.

PHYSICAL REQUIREMENTS:
Work is generally sedentary, performed in a normal office environment. All duties performed with or without reasonable accommodation.

SELECTION PROCEDURE:
Panel interview and may include exercise.

Fairfax County Government prohibits discrimination on the basis of race, color, religion, national origin, sex, pregnancy, childbirth or related medical conditions, age, marital status, disability, sexual orientation, gender identity, genetics, political affiliation, or military status in the recruitment, selection, and hiring of its workforce.

Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act. Contact 703-324-4900 for assistance. TTY 703-222-7314. EEO/AA/TTY.