Cyber Security Engineer - Virginia State Corporation Commission

  • 20 Apr 2022 5:18 PM
    Message # 12716433
    James Walters (Administrator)

    Cyber Security Engineer - Virginia State Corporation Commission

    Cyber Security Engineer – 2 positions

    Anticipated Starting Salary Range: $75,000 – $110,000

    Starting Salary Commensurate with Qualifications and Experience

    The State Corporation Commission (SCC) seeks two dedicated and self-motivated information security professionals to join the Security Operational Center (SOC) within its Office of Information Security. The individuals selected for these positions will work independently and as part of a broader information security team to ensure the security and compliance of SCC’s business processes and related information assets. The Cyber Security Engineers will develop security systems, analyze current systems for vulnerabilities, and respond to cyber-attacks efficiently and effectively. While one position will focus on network security administration and one will focus on client security administration, cross-training is strongly encouraged on this team, and opportunities to work in both areas exist for these positions.

    Position Responsibilities – Both Positions

    • Participate in all phases of cybersecurity functions — Identity, Protect, Detect, Respond, and Recover, leveraging relevant technology stacks, including SIEM, EDR, email security, vulnerability management, data loss prevention (DLP), network security appliances, and Cloud security technologies
    • Conduct technical investigations for critical cyber security incidents and take technical measures to contain, remediate, and document security incidents
    • Carry out forensic and malware analysis, as well as complex log analysis
    • Perform event correlation review through incoming data feeds, ticketing systems, and security alert mechanisms
    • Collect and organize information security-related data and issues and contribute to the technical risk management dashboard
    • Design and implement security measures for the protection of computer systems, networks, and information
    • Identify, define, and communicate information security requirements
    • Prepare and document standard security procedures and processes as well as technology-specific security baselines
    • Consult and advise system owners on the best methods for meeting information security requirements and remediating identified vulnerabilities
    • Define system policies for systems users
    • Act as subject matter experts on a range of cyber security issues and partner with the Information Technology Division (ITD) and business process owners to ensure the confidentiality, integrity, and availability of systems services and information assets

    Position Responsibilities – Network Security Administration
    • Define new and update existing network systems security requirements and specifications
    • Lead the development and implementation of information security procedures
    • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repetitive tasks
    • Evaluate network system design and configuration for security
    • Develop recommendations for systems security upgrades and improvements
    • Evaluate the impact of security configuration on system design and performance

    Position Responsibilities – Client Security Administration

    • Ensure that endpoint protection is current and active on all workstations and servers
    • Perform comprehensive vulnerability assessments and continuous monitoring across the organization
    • Conduct periodic audits and vulnerability scans of OS, hardware, applications, web services, cloud services, etc.
    • Work with the SCC’s business units to perform vulnerability assessments on systems or applications
    • Manage vulnerability related requests to ensure issues are remediated within proper timelines

    Minimum Qualifications

    Preferred Qualifications

    • Considerable technical experience working on a cyber security operation team
    • Hands-on experience implementing and administering information security, infrastructure, and software
    • Experience evaluating potential security solutions, selecting and recommending the best solution
    • Experience producing design documents that are used by others to implement solutions effectively
    • Experience designing and implementing security technologies, such as IDS/IPS, SIEM, access controls, encryption, and forensic tools
    • Understanding of cyber hacker methodology
    • A bachelor’s or master’s degree in Cybersecurity, Information Security, Computer Science, or a related field is preferred but not required
    • Strong knowledge of information security concepts, including threats, vulnerabilities, encryption, boundary defense, and authentication
    • Demonstrated adaptability and the ability to grow within the information security field
    • Strong verbal and written communication skills with the ability to listen intently
    • Ability to develop and maintain effective working relationships with all levels of the organization and representatives of outside agencies
    • Applicants to these positions should have some experience and familiarity with the following: security awareness; Vulnerability Management (Rapid 7); McAfee ePO Antivirus/antimalware; SIEM; NSM / IPS-IDS; firewalls; security policy development; security monitoring; security reporting
    • Relevant information security and technology certifications are a plus

    Additional Information

    The SCC offers its employees rewarding, impactful work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce committed to diversity and inclusion, collaboration, and alignment with the SCC’s mission and strategic goals. Core benefits provided to SCC employees include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings, including employer matching. The state funds a short and long-term disability program.

    The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC unless otherwise permitted. Employees also shall report the employment of household members by a regulated company.

    The SCC is an Equal Opportunity Employer. Military veterans and national service alumni are encouraged to apply. The SCC uses the E-Verify system to confirm identity and work authorization and does not provide sponsorship. If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment.

    The information you submit must demonstrate your experience and qualifications related to this position. Interview consideration is based on the information submitted online.

    These positions are classified in the SCC Salary Structure as Grade P-11 or P-13, depending on the qualifications and experience of the selected candidates. These positions are exempt from the provisions of the Fair Labor Standards Act (FLSA).

    Special Requirements

    How to Apply

    Qualified candidates are encouraged to apply on the SCC Career Center website at Please note that the SCC does not accept applications directly through the Virginia Jobs website. These positions will remain open until filled; however, interested candidates are strongly encouraged to apply by March 9, 2022.

    Special Instructions to Applicants

    How to Apply

    Qualified candidates are encouraged to apply on the SCC Career Center website at Please note that the SCC does not accept applications directly through the Virginia Jobs website. These positions will remain open until filled; however, interested candidates are strongly encouraged to apply by March 9, 2022.

Copyright 2022, International Information Systems Security Certification Consortium, Inc. (“(ISC)²), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, SSCP, CAP, ISSAP, ISSEP, ISSMP, CSSLP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)²” does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².  

(ISC)2RVA is a 501(c)3 nonprofit organization.  EIN: 83-4655968

P.O. Box 2566, Glen Allen, VA 23058-2566

Powered by Wild Apricot Membership Software