View All Jobs 171140

Information Security Engineer (00054)

Ensure ELECT systems meet federal and state security standards and protect election infrastructure
Richmond, Virginia, United States
Senior
1 week ago
Virginia Department of Human Resource Management

Virginia Department of Human Resource Management

Oversees human resource policies, benefits, and workforce development for state employees in Virginia.
104 Similar Jobs at Virginia Department of Human Resource Management

Information Security Engineer

The Department of Elections promotes and supports accurate, fair, open and secure elections for the citizens of the Commonwealth. ELECT ensures the proper administration of election laws, campaign finance disclosure compliance, and voter registration processes in the state by promulgating rules, regulations, issuing instructions, and providing information to local Electoral Boards and general registrars. The Department of Elections envisions a highly modern, efficient and professional electoral process that is trustworthy and accountable at all levels and engages Virginia's diverse citizenry in the most fundamental right in a democratic society: the right to vote.

The Information Security Engineer is responsible for the technical execution of information security activities within ELECT systems. The Information Security Engineer ensures ELECT systems maintain confidentiality, integrity and availability for all users. The Information Security Engineer, under the direction of the Information Security Officer, ensures ELECT systems meet federal, Commonwealth of Virginia and agency security standards. The position will work with various ELECT teams and security staff of the Commonwealth of Virginia to ensure security requirements are included in SDLC activities and infrastructure operations.

Minimum Qualifications:

  • Extensive knowledge of current information technologies and security practices.
  • Architect, implement and maintain threat detection and protection of ELECT onsite and Cloud infrastructure.
  • Experience in developing security design around infrastructure and security practices and consistently adhere to stringent compliance requirements and governance processes.
  • Working Knowledge of SIEM (Security Information Event Management) tools (ex: Manage Engine, Splunk, SolarWinds).
  • Working Knowledge on Log Analyzer tools and performing regular system audits.
  • Knowledge using patch management systems such as SCCM (System Center Configuration Manager).
  • Practical experience with policy and regulatory mandates/security standards promulgated by the Virginia Information Technologies Agency (VITA) or the National Institute of Standards Technology (NIST).
  • Knowledge with vulnerability assessments and penetration testing and associated mitigation strategies.
  • Knowledge around threat attack vectors and mitigation techniques.
  • Knowledge with the configuration and troubleshooting of network or data security related controls (encryption, digital signatures, secure boot, access control, password policy management).
  • Expertise with Active Directory services, Windows domain infrastructure (with multiple domains), organizational units (OU) and server/user security through group policies.
  • Experience in design reviews and change control for quality assurance on projects.
  • Experience in acceptance testing of new releases and patches, providing technical feedback as appropriate.
  • Knowledge of the Software Development Lifecycle (SDLC) and how to layer security into that process.
  • Experience in the Agile Project Management Methodology.
  • Knowledge to improve current procedures for monitoring and managing firewalls, security groups and roles.
  • Keep the infrastructure current and recommend best practices and participate in continuous improvement of technologies and services in the security domain.
  • Experience with incident response on security incidents and participate in business use case development and review/present information security design.
  • Collaboration with cross-functional teams to achieve continuous improvement in cyber defense/resilience.
  • Experience of industry secure coding standards to prevent common vulnerabilities such as SQL Injections, Cross Site Scripting, Open Redirect and other secure coding standards.
  • Experience with data security, encryption at transit and rest, DLP and Governance auditing and best approaches to implement.
  • Experienced in designing and architecting within multiple concurrent projects.
  • Other skills and abilities include: critical thinking, active listening, judgment and decision making, complex problem solving, oral and written comprehension.

Additional Considerations:

  • Extensive experience in development and/or information security.
  • Extensive experience working in an InfoSec program as a Security Engineer.
  • Considerable software development skills.
  • Considerable scripting skills.
  • Considerable usability and interface design experience.
  • Demonstrated experience in Java, .Net, Python.
  • Demonstrated experience with SQL or other databases.
  • Certification in information technology, information security, computer science or related field.

Special Instructions:

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.

Must have or be able to obtain a valid driver's license. State applications will only be accepted as submitted online by 11:55 pm on the closing date through the Recruitment Management System (RMS). Applications submitted via email, postal mail, fax, or in person will not be considered. Applicants are expected to fully represent qualifications and work history on the State applications and or in resumes. The decision to interview an applicant is based on the information provided in the application, resume, or other relevant documents provided; therefore, it is essential for applicants to supply detailed information. Submitting an incomplete state application/resume, or a state application/resume lacking in detail, may impact your interview eligibility. This website will provide confirmation of receipt when the application is submitted successfully. Please refer to "Your Application" in your RMS Account to check the status of your application for this position. The candidate selected for this position will be required to successfully complete a background check. State employees who have been affected by Policy 1.3 Layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card) must submit the card BEFORE the closing date for this position. The card may be scanned and attached to the application or faxed to (804) 371-7401. Please include your name and the position number on the fax cover sheet. You may apply for this position at https://www.jobs.virginia.gov/home. Reasonable accommodations are available to individuals with disabilities during the application and/or interview processes per the Americans with Disabilities Act. Please contact 804-225-2131 for assistance. VETERANS, PEOPLE WITH DISABILITIES, AMERICORPS, PEACE CORPS, AND OTHER NATIONAL SERVICE ALUMNI ARE ENCOURAGED TO APPLY. Equal Opportunity Employer

Contact Information:

Name: Kimberly Crutchfield

Phone: 804-292-6542

Email: Kimberly.Crutchfield@dhrm.virginia.gov

+ Show Original Job Post
Suggest a correction
























Information Security Engineer (00054)
Richmond, Virginia, United States
Engineering
Apply to job
About Virginia Department of Human Resource Management
Oversees human resource policies, benefits, and workforce development for state employees in Virginia.