Mid-Level/Senior Cyber Security Analyst - State Corporation Commission’s (SCC) - Richmond, VA

  • 12 Jun 2023 10:09 PM
    Message # 13214404
    James Walters (Administrator)

    Mid-Level/Senior Cyber Security Analyst - State Corporation Commission’s (SCC) - Richmond, VA

    Mid-Level/Senior Cyber Security Analyst

    Anticipated Salary Range: $70,000-$90,000

    Starting Salary Commensurate with Qualifications and Experience

    The State Corporation Commission’s (SCC) Office of Information Security (OIS) seeks a dedicated and meticulous Cyber Security Analyst to ensure our software, hardware, and related components are protected from cyber-attacks. As an integral member of the team, the Cyber Security Analyst will manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation. The SCC offers a hybrid work schedule (generally 3 days of telework and 2 days in office each week), job-related training, professional development opportunities, and potential for career growth.

    Essential Duties and Responsibilities

    • Perform comprehensive vulnerability assessments and continuous monitoring across the organization, including periodic audits and vulnerability scans of OS, hardware, applications, web, and cloud services
    • Review vulnerability data from internal vulnerability monitoring tools, external vulnerability monitoring tools, and penetration testing engagements
    • Work alongside other team members to perform security incident response duties including identification, containment, eradication, and post-mortem documentation
    • Generate comprehensive reports based on vulnerability metrics and initiatives including outcomes, assessment findings, and proposals for further security enhancements
    • Deliver reports and presentations at regular occurring intervals to SCC leadership
    • Work with various business units to perform vulnerability assessments on systems or applications before going live rollouts
    • Maintain awareness of the current threat landscape and emerging threats and vulnerabilities, including zero day
    • Identify and define security requirements for hardware, software, networking, and cloud resources
    • Support ongoing awareness of industry best practices and regulatory requirements to advise of program, monitoring, and technology changes and needs
    • May support cybersecurity engineering efforts or other duties as assigned

    Preferred Qualifications

    • Professional experience with cybersecurity concepts including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication, and risk management
    • Experience with web application scanners (e.g., InsightAppSec, WebInspec, Netsparker, Burp, etc.)
    • Experience with core vulnerability management scanners (e.g., Rapid7, Nexpose, Qualys, etc.)
    • Strong knowledge of server and client operating systems
    • Strong ability to investigate, analyze, and troubleshoot with a proactive attitude towards solving challenging problems
    • Strong ability to mitigate vulnerabilities for which no current security fix exists
    • Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools
    • Ability to triage vulnerabilities and validate tool findings before reporting or taking action
    • Experience with using scripting languages (PowerShell, Python, etc.) to automate workflows
    • Understanding of TCP, UDP, HTTP, IP, and other network protocols
    • Technical experience with enterprise level directory/messaging services (Active Directory, LDAP, Exchange, SharePoint, O365) implementation and operations
    • Experience with Windows, Linux, and/or Unix-like variants
    • Experience with analyzing adversary tactics, techniques, and procedures to better formulate defensive strategy
    • Knowledge of SIEM, IPS/IDS, DLP, AV, and anti-malware protection
    • Knowledge of native Cloud security and monitoring services in Azure, including Network Security Groups, Azure Key Vault, Azure Firewall, Azure Active Directory, Azure Monitor, Security Center, Azure Advanced Threat Protection, and Azure Policy
    • Strong communicator who can work independently as well as collaborate effectively with all SCC staff
    • A college degree in Computer Science, Cybersecurity, Information Technology, or a related field is preferred

    SCC Information

    Located in downtown Richmond, Virginia, the SCC is a state agency with regulatory authority over many business and economic interests in Virginia. More information about the SCC may be found on our website: www.scc.virginia.gov.

    The SCC offers its employees rewarding, impactful work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce with a commitment to diversity and inclusion, collaboration, and alignment with the SCC’s mission and strategic goals. Core benefits include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid state holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings including employer matching. The state funds a short and long-term disability program.

    The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC unless otherwise permitted. Employees also shall report employment of household members by a regulated company.

    The SCC is an Equal Opportunity Employer. Military veterans and national service alumni are encouraged to apply. The SCC uses the E-Verify system to confirm identity and work authorization and does not provide sponsorship. If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment.

    The information you submit must clearly demonstrate your experience and qualifications as they relate to this position. Interview consideration is based on the information submitted online.

    This position is classified in the SCC Salary Structure as Grade P-9 or P-11 depending on the candidate’s qualifications and experience and will be exempt from the provisions of the Fair Labor Standards Act (FLSA).

    How to Apply

    The position will remain open until filled; however, interested candidates are strongly encouraged to apply by June 18, 2023.

    Qualified candidates are encouraged to apply on the SCC Career Center website at https://careercenter.scc.virginia.gov.

Copyright 2023, International Information Systems Security Certification Consortium, Inc. (“(ISC)²), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, SSCP, CAP, ISSAP, ISSEP, ISSMP, CSSLP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)²” does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².  

(ISC)2RVA is a 501(c)3 nonprofit organization.  EIN: 83-4655968

P.O. Box 2566, Glen Allen, VA 23058-2566

Powered by Wild Apricot Membership Software