Previous Job
Previous
Senior IT Security Analyst
Ref No.: 14-01187
Location: Richmond, Virginia
Virginia State Corporation Commmission
Richmond, VA
4 months

In Person Only

*local candidates strongly preferred
**mgr will ONLY conduct in-person interviews, NO Skype, NO exceptions
***please only submit candidates who were not submitted to the previous req, 376554
****candidates MUST be able to be hired directly by the state (in the future, if budget allows) without sponsorship

Position will be working with Information Security staff, with focus on networking and vulnerabilty management.

The scope of work is to provide a full-range of information security functions and skills with a detailed understanding of networking and vulnerability management.

FUNDAMENTAL REQUIREMENTS
- Advanced working knowledge of and 12 or more years of professional experience working in Information Technology with a focus on Information Security from an operational perspective for more than 5 years
- Thorough, in-depth knowledge of and experience with TCP/IP and networking as it relates to information security including firewall, router, load balancer, and other network infrastructure
- Full understanding of Intrusion Detection and Prevention from both the network and host levels; ability to understand threat data and how to apply controls in this area
- Full understanding of vulnerability scanning and analysis of outputs; ability to understand real from false positive observations by understanding the vulnerabilities as well as the network infrastructure
- Previous experience performing penetration testing
- Previous experience performing forensics and working on an incident management team
- Full understanding of application level security and the associated vulnerabilities and controls
- Meticulous attention to detail, excellent written and verbal communication skills, ability to handle multiple priorities and work both independently and in a team environment

DESIRED QUALIFICATIONS
- Information Security certification beneficial

RESPONSIBILITIES INCLUDE
- Vulnerability scanning and analysis of outputs; work with Information Technology Division to securely remediate issue based on risk and prioritization
- Monitor Intrusion Detection Systems and provide support for investigation or incident management
- Define penetration testing criteria and lead testing efforts
- Perform forensic analysis as needed
- Define appropriate security controls for new and existing technologies
- Assist in implementation of security tools as required

ENVIRONMENT
- Microsoft Windows Server 2003, 2008, 2012
- Microsoft Exchange Server 2010
- Microsoft Office Professional 2010
- Windows Active Directory, LDAP, WSUS
- Cisco network and VPN equipment
- VMWare
- SAN, DASD, NAS
- DS-3 Telecommunications, WAN, LAN, VLAN, SIP
- Cisco VOIP
- EMC Data Domain 2500, 4500 & Networker
- Orion SolarWinds Monitoring
- WSFTP & Move IT FTP Server
- SOPHOS
- QualysGuard
Skill
Required / Desired
Amount
of Experience
Expertise Rating
Advanced working knowledge of and professional experience working in Information Technology
Required
12
Years
Professional experience/focus on Information Security from an operational perspective
Required
5
Years
Experience w/ TCP/IP & networking as it relates to information security including firewall, router, load balancer & other network infrastructure
Required
5
Years
Full understanding of Intrusion Detection/Prevention from both network & host levels; ability to understand threat data & how to apply controls
Required
5
Years
Full understanding of vulnerability scanning/analysis of outputs; ability to understand real from false positive observations
Required
5
Years
Previous experience performing penetration testing
Required
5
Years
Previous experience performing forensics and working on an incident management team
Required
5
Years
Full understanding of application level security and the associated vulnerabilties and controls
Required
5
Years
Excellent written and verbal communication skills; ability to work both independently and in a team environment
Required
Information Security certification (CSSP, CFFP) beneficial
Desired
Global Candidate Requirements
Skill
Required / Desired
Amount
of Experience
Expertise Rating
Certification and Screening Criteria
Add
Remove
Description
Valid
Location(s)
Date Achieved
Expiration
Date
Cert #
Y/N
Comment
Show to
Required before Engagement
Questions
Add
Remove
Description
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2
Please list candidate's email address that will be used when submitting E-RTR.
Question 3
In what city/state does candidate reside?
Question 4
Is your candidate able to be hired directly by the Commonwealth (in the future, if budget allows) without sponsorship?
Question 5
Does your candidate's experience match or exceed the skills listed above and the number of years of experience with each sklll?
Question 6
Does your contract agree to complete the entire engagement?
Question 7
How soon after an offer can your candidate start?
Question 8
Was this candidate submitted to the previous req, 376554? Agency is seeking ONLY NEW resumes.