Information Security Engineer (00054)

Title: Information Security Engineer (00054)

State Role Title:Info Technology Specialist III

Hiring Range: Up to $130,000

Pay Band: 6

Agency: Department of Elections

Location:Department of Elections

Agency Website:;br>
Recruitment Type: General Public - G

Job Duties

About the Agency
The Department of Elections promotes and supports accurate, fair, open and secure elections for the citizens of the Commonwealth. ELECT ensures the proper administration of election laws, campaign finance disclosure compliance, and voter registration processes in the state by promulgating rules, regulations, issuing instructions, and providing information to local Electoral Boards and general registrars.

The Department of Elections envisions a highly modern, efficient and professional electoral process that is trustworthy and accountable at all levels and engages Virginia's diverse citizenry in the most fundamental right in a democratic society: the right to vote.

About the Position
The Information Security Engineer is responsible for the technical execution of information security activities within ELECT systems. The Information Security Engineer ensures ELECT systems maintain confidentiality, integrity and availability for all users. The Information Security Engineer, under the direction of the Information Security Officer, ensures ELECT systems meet federal, Commonwealth of Virginia and agency security standards. The position will work with various ELECT teams and security staff of the Commonwealth of Virginia to ensure security requirements are included in SDLC activities and infrastructure operations.

Minimum Qualifications

Extensive knowledge of current information technologies and security practices.
Architect, implement and maintain threat detection and protection of ELECT onsite and Cloud infrastructure.
Experience in developing security design around infrastructure and security practices and consistently adhere to stringent compliance requirements and governance processes.
Working Knowledge of SIEM (Security Information Event Management) tools (ex: Manage Engine, Splunk, SolarWinds).
Working Knowledge on Log Analyzer tools and performing regular system audits.
Knowledge using patch management systems such as SCCM (System Center Configuration Manager).
Practical experience with policy and regulatory mandates/security standards promulgated by the Virginia Information Technologies Agency (VITA) or the National Institute of Standards Technology (NIST).
Knowledge with vulnerability assessments and penetration testing and associated mitigation strategies.
Knowledge around threat attack vectors and mitigation techniques.
Knowledge with the configuration and troubleshooting of network or data security related controls (encryption, digital signatures, secure boot, access control, password policy management).
Expertise with Active Directory services, Windows domain infrastructure (with multiple domains), organizational units (OU) and server/user security through group policies.
Experience in design reviews and change control for quality assurance on projects.
Experience in acceptance testing of new releases and patches, providing technical feedback as appropriate.
Knowledge of the Software Development Lifecycle (SDLC) and how to layer security into that process.
Experience in the Agile Project Management Methodology.
Knowledge to improve current procedures for monitoring and managing firewalls, security groups and roles.
Keep the infrastructure current and recommend best practices and participate in continuous improvement of technologies and services in the security domain.
Experience with incident response on security incidents and participate in business use case development and review/present information security design.
Collaboration with cross-functional teams to achieve continuous improvement in cyber defense/resilience.
Experience of industry secure coding standards to prevent common vulnerabilities such as SQL Injections, Cross Site Scripting, Open Redirect and other secure coding standards.
Experience with data security, encryption at transit and rest, DLP and Governance auditing and best approaches to implement.
Experienced in designing and architecting within multiple concurrent projects.

Other skills and abilities include:
o Critical thinking
o Active listening
o Judgment and decision making
o Complex problem solving
o Oral and written comprehension

Additional Considerations

Extensive experience in development and/or information security.
Extensive experience working in an InfoSec program as a Security Engineer.
Considerable software development skills.
Considerable scripting skills.
Considerable usability and interface design experience.
Demonstrated experience in Java, .Net, Python.
Demonstrated experience with SQL or other databases.
Certification in information technology, information security, computer science or related field.

Special Instructions

You will be provided a confirmation of receipt when your application and/or rsum is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.

Must have or be able to obtain a valid driver's license.

State applications will only be accepted as submitted online by 11:55 pm on the closing date through the Recruitment Management System (RMS). Applications submitted via email, postal mail, fax, or in person will not be considered. Applicants are expected to fully represent qualifications and work history on the State applications and or in resumes. The decision to interview an applicant is based on the information provided in the application, resume, or other relevant documents provided; therefore, it is essential for applicants to supply detailed information. Submitting an incomplete state application/resume, or a state application/resume lacking in detail, may impact your interview eligibility. This website will provide confirmation of receipt when the application is submitted successfully. Please refer to "Your Application" in your RMS Account to check the status of your application for this position.

The candidate selected for this position will be required to successfully complete a background check. State employees who have been affected by Policy 1.3 Layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card) must submit the card BEFORE the closing date for this position. The card may be scanned and attached to the application or faxed to . Please include your name and the position number on the fax cover sheet. You may apply for this position at Reasonable accommodations are available to individuals with disabilities during the application and/or interview processes per the Americans with Disabilities Act. Please contact for assistance. VETERANS, PEOPLE WITH DISABILITIES, AMERICORPS, PEACE CORPS, AND OTHER NATIONAL SERVICE ALUMNI ARE ENCOURAGED TO APPLY.

Equal Opportunity Employer

Contact Information

Name: Kimberly Crutchfield

Phone:

Email:

In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.