Title: Cyber Security Engineer
State Role Title: Info Technology Specialist III
Hiring Range: $ 111,000 - $140,000
Pay Band: 6
Agency: Virginia Department of Health
Location: VDH-Central Office
Agency Website: https://www.vdh.virginia.gov/
Recruitment Type: General Public - G
Job Duties
Performance Management (for employees who supervise others)
• Serves in a managerial/supervisory capacity to conduct performance management activities and ensure onboarding/offboarding and training for staff
• Establishes and reviews work assignments and priorities and implements performance improvement strategies and/or problem resolution for related issues, in conjunction with program management and Human Resource staff
• Ensures relevant training and workplace safety for staff
• Conducts required performance monitoring and appraisals, establishes clear performance expectations, addresses deficiencies in a timely manner, and documents underperformance in accordance with state guidelines
Supports employee growth through regular feedback, coaching, and professional development opportunities
Data Protection & Security Implementation
• Performing remote or onsite PenTests on all VDH systems, networks, and applications to identify security weaknesses
• Analyze the vulnerabilities and mitigation methods and provide reports which include findings, risks, and conclusions
• Recommend security improvements and methods to mitigate security risks
• Work with VDH IT to determine their testing requirements and create and implementing new penetration testing methods, scripts, and tool
• Develop and implement strategies to safeguard computer data against accidental or unauthorized access, modification, destruction, or other breaches.
• Ensure the integrity of data and systems by conducting regular vulnerability scans, security checks, and updates.
• Ensure that the latest security patches are installed across systems in a timely manner.
• Oversee the maintenance and functionality of anti-virus protection systems, ensuring the latest threat definitions are applied.
• Monitor for new vulnerabilities and respond promptly to emerging security threats.
• Conduct regular risk assessments to evaluate the security posture of data processing systems.
• Ensure that sensitive and confidential information is appropriately encrypted when transmitted across networks to prevent unauthorized access.
• Must have extensive knowledge of SIEM tool such as Splunk. Must be able to on-board new data sources and Ingest logs.
• Periodic review of Errors/warnings reported by internal Splunk logs ▪ Log normalization (CIM); monitoring to ensure nothing has changed (e.g., CIM compliant logs have not changed in structure).
• Expanding log source collection of an existing source type
• Custom script development (e.g., for data collection or integration to non-standard products)
• Deployment Server management to distribute Splunk Universal Forwarder (UF) instances
• Syslog servers that collect data from infrastructure systems (firewalls, IDS, UPS or other syslog generating device)
• Splunk heavy forwarders which can collect information from various databases or third-party systems
Technical Assistance & User Training
• Maintain overall system security, improve server and network efficiency, and train users to promote security awareness and best practices.
• Address security concerns through user education and tailored security protocols.
• Work closely with internal users to understand and support a variety of technical issues, including data access needs, security violations, and programming modifications.
• Serve as a point of contact for users requiring assistance with security-related concerns.
• Modify computer security files to incorporate new software, correct errors, or change individual access status.
Systems Maintenance & Coordination
• Adapt and update security processes, applications, and tools to address evolving software requirements and correct identified errors.
• Coordinate and schedule the implementation of data security protocols, ensuring compliance with both internal policies and external vendor requirements.
• Collaborate with vendors and internal staff to ensure that security measures align with organizational goals.
• Works closely and collaboratively with the information technology team for resolving issues
• Coordinates with IT and Business teams to address security issues in a collaborative manner
• Coordinates security audit issues between Auditors and IT and works as a team
Documentation & Other Duties
• Knowledge of NISTm800-53r5
• Document and maintain clear policies, procedures, and guidelines related to computer security and emergency response measures.
• Develop and manage security documentation for both compliance and operational reference.
• Supports special projects as assigned.
• May perform other duties as assigned; may be required to assist in the event of an emergency declaration.
Other duties as assign
Minimum Qualifications
• Experience in cybersecurity, data protection, and risk management.
• In-depth knowledge of security principles, firewalls, anti-virus software, encryption, and vulnerability testing.
• Strong understanding of network protocols, security technologies, and system administration.
• Ability to collaborate effectively with users, vendors, and internal teams.
• Strong analytical skills and attention to detail in assessing risk and security needs.
• Excellent communication skills, both written and verbal.
Additional Considerations
• Advanced knowledge in Computer Science, Information Security, or a related field.
• Certification in cybersecurity (e.g., CISSP, CISM, CompTIA Security+, CC) is desirable.
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.
VDH accepts only on-line applications. Faxed, mailed, or e-mailed applications will not be considered. Applications are accepted until 11:55 p.m. on the job closing date. Applications and/or resumes should include relevant work history which indicates your qualifications for this position. Supplemental questions are encouraged to be answered in a comprehensive manner and reference any pertinent knowledge, skills, and abilities as well as any previous experience that relates to the position.
Employment is contingent upon satisfactory results of a state and federal criminal history background check and the Department of Social Service’s Child Abuse and Neglect Central Registry check, U.S. HHSIG Exclusion List check, employment reference check and E-Verify. Other financial, credit, driving, background checks or completion of Statement of Economic Interests may be required for certain positions
It is the policy of the Commonwealth and VDH that all aspects of human resource management be conducted without regard to race (or traits historically associated with race including hair texture, hair type, and protective hairstyles such as braids, locks, and twists); sex; color; national origin; religion; sexual orientation; gender identity or expression; age; veteran status; political affiliation; disability; genetic information; and pregnancy, childbirth, or related medical conditions. VDH employees have a shared Code of Ethics, which can be found in the bottom banner of our website: www.vdh.virginia.gov.
If you have been affected by DHRM Policy 1.30 layoff and possess a valid Interagency Placement Screening Form (Yellow Card) or a Preferential Hiring Form (Blue Card), you must submit the card before the closing date for this position. The Card may be submitted with the state application as an attachment.
As a V3 (Virginia Values Veterans) employer VDH Welcomes Veterans to apply!
Contact Information
Name: Lindsay Schneider
Phone: 8046299448
Email: Lindsay.schneider@vdh.virginia.gov
In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.