Title: Network Security Engineer (Repost2) #W1018
State Role Title: Info Technology Specialist II
Hiring Range: $63,000 – $90,000 per year (salary commensurate with experience)
Pay Band: 5
Agency: Department of Social Services
Location:DSS HOME OFFICE
Agency Website:https://www.dss.virginia.gov/
Recruitment Type: General Public – G
Job Duties
At the Virginia Department of Social Services, we put people at the center of everything we do. We believe that every Virginian can live a life of dignity and that all voices, ideas and experiences contribute greatly to our pursuit of excellence. Inspired by continuous improvement, we commit ourselves to listening, learning and cultivating environments of trust, respect and positive engagement. Together, we are mission-driven, eager to achieve, and passionate about bringing the best of who we are to those we serve.
We design and deliver high-quality human services that help Virginians achieve safety, independence and overall well-being. We are a $2 billion agency – one of the largest in the Commonwealth of Virginia – partnering with 120 local departments of social services and 31 community action agencies, along with faith-based and non-profit organizations, to promote the well-being of children, adults, and families statewide. We proudly serve alongside 1,650 (state) and 12,200 (local) human services professionals throughout the Social Services System, who ensure that thousands of Virginia’s most vulnerable citizens have easy access to the services and benefits available to them.
The Network Security Engineer position reports to the Operations Engineering Manager and provides matrixed support to the VDSS Network Operations Security Center (NOSC) Manager. As such, this resource participates as an active member of the operational Engineering Team with a direct interface to the NOSC, the facility used to monitor, detect, alert, and respond to enterprise level events affecting the overall agency and 120 local sites across the Commonwealth. This critical position is responsible for provisioning, deployment, configuration, and administration of network and security systems, and serves as the agency’s first line of defense against unauthorized access from outside sources and potential security threats. Not only does a network security engineer know how to mitigate any potential threats that become evident, but they also strategize and prepare before any security threat is enacted.
The Network Security Engineer will plan, design, optimize, implement, audit, and troubleshoot the network security system to improve the efficiency of the organization.
The position supports testing for network vulnerabilities, and works with a larger Operations Information Security team to evaluate, test, and troubleshoot technologies. The Engineer will ensure that systems being designed for implementation in support of the VDSS Business or ITS portfolios, are compliant with VDSS and Commonwealth security and enterprise architecture guidelines. Additionally, this resource will evaluate and recommend upgrades to network and security domains to improve security of existing systems. When needed, the engineer will help identify, diagnose, and resolve information security issues, prepares root cause analysis reports and propositions for further system security enhancement, and creates and maintains comprehensive documentation related to server and security infrastructure to ensure proper protocols and processes are in place.
The Network Security Engineer provides input to comprehensive network and system security processes and procedures, to include determining security issues that need to be addressed; identifying security strategies needed to deal with the risks; implementing policies for allocating administrative tasks; keeping on top of audit logs to flag suspicious activity; and devising network password procedures. The Engineer keeps strong relationships with the operational security team, security compliance team, integrators and vendors to maintain upgrades, installations, and planning alongside exploration of new features and innovative solutions.
The Network Engineer supports agency-wide enterprise operations and provides recommendations for the strategic network direction of the agency and 120 local sites.
A. Complexity – Extensive – The portfolio maintains 70+ systems in support of state operations and programs and 120 local departments.
B. Portfolio Size – 170+ employees plus 30 contract employees, as well as several outsourced systems
C. Span of Control – The position does not supervise staff.
D. Consequence of Error – Errors could result in significant downtime for state employees and local department personnel, as well as inaccurate provision of services. The agency administers millions of dollars in services and public assistance, which is highly regulated by the Federal government.
E. Organizational Impact – IT systems are the backbone of all work performed by the agency
F. Decision-making Authority – This position assists the NOSC Manager and other operations staff on matters pertaining to day-to-day information security and system operations.
Minimum Qualifications
• Comprehensive knowledge of local area networks (LANs), and wide area networks (WANs).
• Perform analysis of network and system security needs and contributes to design, integration, and installation of hardware and software.
• Analyze, troubleshoot, and correct network and system problems remotely and on-site.
• Ensure that changes to perimeter security systems such as firewalls and intrusion detection systems, are evaluated and tested prior to service provider implementation.
• In conjunction with the Operations Information Security Team, ensure that network and system security policy is implemented across the enterprise.
• Define requirements and design for IP load balancing with software/hardware as necessary. Work with Service Provider to ensure implementation meets design criteria and security standards.
• Define requirements and design and oversee the implementation of remote connectivity solutions including IPSec VPN, PPTP, and SSLVPN
• Monitor security system logs (i.e. intrusion detection system, firewall system logs, etc.) and report on discovered anomalies or problems (i.e. insufficient disk space, inappropriate access patterns) on a weekly basis.
• Test new hardware and software solutions prior to implementation.
• Use sniffers and other tools to troubleshoot and isolate network problems.
• Assist with network, server and application security assessments for potential business partners.
• Keep fully abreast of trends and changing technologies as they relate to IT and Systems Engineering and Information Security fields. Engages in continuous process improvement.
• Maintain LAN, WLAN and architecture of the server as per the agency policy
• As a precautionary measure, analyze and implement new security protocols for greater efficiency against any threat or malfunctions
• Track the vulnerable scripts to avert the potential threats
• Report the security analysis of findings
• Investigate Security breach alerts
• Maintain & implement SOPs for network information security operations
• Recommend modifications in legal, technical and regulatory areas that affect IT security.
• Monitor web security gateways, perimeter security, network access controls, endpoint security
• Maintain and control computer networks and related computing environments together with structures software, programs software, hardware, and configurations.
• Troubleshoot, diagnose and resolve software, hardware, and other network and system problems.
• Design and implement new solutions and improve the resilience of the modern network infrastructure.
• Perform disaster recovery operations and record backups when required.
• Monitor overall network performance to decide if changes want to be made.
• Monitor the configuration of routing and switching equipment.
• Deep understanding of networking protocols (e.g., IPSEC, HSRP, BGP, OSPF, 802.11, QoS)
• Solid understanding of the OSI or TCP/IP model
• Hands-on experience with monitoring, network diagnostic and network analytics tools
• Perform other related duties as may be required.
• Knowledge of the NIST Cybersecurity Framework (NCSF)
• Extensive technical know-how of Server Operating systems such as Linux, Windows, and UNIX
• Experience identifying threats and developing appropriate protection measures
• Hands-on expert level experience creating and maintaining network, system and solution architecture diagrams and corresponding system level documentation.
• Hands-on expert level experience with multiple shell scripting languages including but not limited to PowerShell and Bash.
• Knowledge of Firewalls, routing & switching, networking concepts such as WAN connectivity, transport types and protocols, and experience with wireless technology and Wireless deployment for a user base over 500 users per site
• Excellent communication skills and technical writing ability
Additional Considerations
• Knowledge of ITRM Standard SEC501, Information Technology Security Standard, NIST 800.53
• Ability to create accurate network diagrams and documentation for design and planning network communication systems.
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.
Selected candidate(s) must successfully pass a fingerprint-based criminal history background check. A record of criminal history does not automatically bar an applicant from consideration. Employment verification will be conducted to include current/previous supervisory employment reference checks.
VDSS will record information from each new employee’s Form I-9 (Employment Eligibility Verification) into the Federal E-Verify system to confirm identity and work authorization.
This position may be eligible for telework opportunities; availability, hours, and duration will be in accordance with the Commonwealth’s Teleworking policy.
To be considered for this position, you must submit a Commonwealth of Virginia application or resume through the on-line “Virginia Jobs” (PageUp) employment site no later than 11:55 p.m. on the closing date listed. Each application is reviewed for documentation that shows the applicant meets the minimum and additional considerations as stated in the job announcement. The decision to interview an applicant is based on the information provided. Multiple positions may be filled from this recruitment within 90 days of the closing date.
In addition to a rewarding work experience, VDSS offers excellent health and life insurance benefits, pre-tax spending accounts, state funded Short and Long Term Disability, paid holidays, vacation, tuition assistance, free wellness programs, and a state retirement plan with options for tax-deferred retirement savings including employer matching – Employee Benefits.
The Virginia Department of Social Services (VDSS) is an Equal Opportunity Employer and encourages diversity within its workforce.
VDSS does not provide sponsorship.
VDSS is an official certified state agency that values the service and experience of our Veterans. As such, Veterans are encouraged to apply and receive preference in the hiring process. AmeriCorps, Peace Corps and other national service alumni also are encouraged to apply. Reasonable accommodations are available to applicants, if requested, during the application and/or interview process.
If you have been affected by Policy 1.30 Layoff as a state employee and possess a valid Interagency Placement Screening Form (Yellow Form) or a Preferential Hiring Card (Blue Card), you must submit this document through the “Virginia Jobs” (PageUp) employment site when you apply.
Contact Information
Name: VDSS – Information Technology Services
Phone: dssrecruitment@dss.virginia.gov
Email: dssrecruitment@dss.virginia.gov
In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their Certificate of Disability (COD) provided by a Vocational Rehabilitation Counselor within the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their Certificate of Disability. If you need to get a Certificate of Disability, use this link: Career Pathways for Individuals with Disabilities, or call DARS at 800-552-5019, or DBVI at 800-622-2155.