Information Security Analyst II

Fairfax County, VA

$83K — $138K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a computer or information science discipline or a related field with coursework in computer science.
  • One year of experience in information security systems, network security, or cyber security.
  • Familiarity with federal, state, and county cybersecurity regulations and standards.
  • Comfort with tools such as malware analysis, firewalls, and intrusion detection systems.
  • Criminal background check required upon appointment.

Responsibilities

  • Develop information security policies and procedures for regulatory compliance.
  • Support audits and assessments for security and privacy obligations.
  • Manage data requests related to legal and investigative matters.
  • Conduct security awareness training and policy interpretation support.
  • Investigate cybersecurity incidents and respond to security alerts.
  • Implement and support security technologies and compliance controls.
  • Coordinate cybersecurity matters with various internal and external stakeholders.

Benefits

  • Comprehensive medical, vision, and dental insurance
  • Group term life insurance
  • Long-term disability coverage
  • Flexible spending programs
  • Paid annual, sick, and parental leave
  • Paid holidays
  • Employee assistance program
  • Child care center for employees
  • Opportunities for continuous learning
Full Job Description
Acts as an Information Security Analyst within the Information Security Office (ISO), supporting cybersecurity, privacy, and technology risk management across the enterprise. This role focuses on evaluating cyber threats, responding to security incidents, supporting agency inquiries, and contributing to the implementation, governance, and operation of countywide cybersecurity controls. The position directly supports the Policy & Compliance unit within ISO.

Responsibilities may include:
  • Develops and maintains information security policies, standards, guidelines, and procedures to meet federal, state, and county regulatory requirements.
  • Supports internal and external audits, assessments, and compliance reviews for security and privacy obligations.
  • Manages data preservation and collection requests related to legal matters, Virginia Freedom of Information Act (VFOIA) requests, internal investigations, forensic activities, and other eDiscovery processes.
  • Conducts security outreach, delivering awareness training, and assists agencies in interpreting county information security policies.
  • Investigates cybersecurity incidents and responds to alerts from SIEM systems, vulnerability scans, endpoint tools, and penetration testing reports.
  • Implements, administers, and supports security technologies such as endpoint protection, data loss prevention, intrusion detection/prevention systems, application firewalls, vulnerability management platforms, and forensic utilities used by the ISO.
  • Coordinates daily with DIT divisions, agency information security coordinators, IT analysts, and external partners regarding cybersecurity and compliance matters.
  • Serves as a technical and operational advisor on cybersecurity issues, compliance questions, and policy interpretation.
  • Stays current with cybersecurity, privacy, and regulatory trends and pursuing relevant professional certifications.
  • Supports emergency IT events and participating in county Emergency Operations Center activations as needed.
  • Performs other duties as assigned.

Note: This is a hybrid position, 2 days at office, 3 days from remote, after initial 4-5 weeks at office.
Employment Standards

MINIMUM QUALIFICATIONS:

(Click on the aforementioned link to learn how Fairfax County interprets equivalencies for "Any combination, experience, and training equivalent to")

Graduation from an accredited four-year college or university with a bachelor's degree in a computer or information science discipline, IT/cyber security, network or IT systems administration, engineering; or a bachelor's degree in a business or related field that has been supplemented by at least 18 credit hours of intermediate computer science coursework; plus one year of experience in information security systems, network security, or cyber security.NECESSARY SPECIAL REQUIREMENTS:
The appointee to this position will be required to complete a criminal background check to the satisfaction of the employer.

PREFERRED QUALIFICATIONS:
  • Experience implementing, assessing, or maintaining compliance with IT and privacy regulations or standards such as HIPAA, PCIDSS, CJIS, Virginia privacy requirements, federal PII protections, and institutional standards such as the NIST Cybersecurity Framework, NIST 80053/171, ISO 27000 series, OWASP, or SANS CIS Controls.
  • Experience working with and understanding of security and network architecture, identity and access management, operating systems, cloud services, databases, and modern enterprise technologies.
  • Experience with technologies including malware analysis tools, application and network firewalls, VPN solutions, DLP, identity management platforms, SIEM solutions, and intrusion detection/prevention systems.
  • Demonstrated experience in policy development, security governance, audit support, and agency consulting.
  • Experience applying strong analytical, communication, and collaboration skills in a cybersecurity, compliance, or technical consulting environment.

PHYSICAL REQUIREMENTS:
Work is generally sedentary, performed in a normal office environment. All duties performed with or without reasonable accommodations.

SELECTION PROCEDURE:
Panel interview and may include exercise.

#LI-JY1
Merit Positions

Fairfax County is proud to offer employees an attractive and comprehensive benefits program, including the following:
  • Medical/Vision/Dental Insurance Coverage
  • Group Term Life Insurance
  • Long Term Disability
  • LiveWell Program
  • Flexible Spending Programs
  • Paid Leave (annual, sick, parental, volunteer activity, and more!)
  • Paid Holidays
  • Deferred Compensation
  • Employee Assistance Program
  • Employees' Child Care Center
  • Continuous Learning Opportunities
Please click for a summary of our benefits.

NOTE: Fairfax County Government is a qualifying employer under the Public Service Loan Forgiveness program. For more information about the PSLF program:

For additional details please visit the
Non-Merit Positions
  1. Non-Merit Benefit Eligible: scheduled to work a minimum 1,040 hours and no more than a maximum of 1,560 hours in a calendar year.
    • Medical/Vision/Dental Insurance Coverage
    • Flexible Spending Program
    • Deferred Compensation
  2. Temporary: scheduled to work a maximum of 900 hours in a calendar year.
    • No benefits

01

What is the highest level of education that you have completed?
  • Less than 12th grade
  • High school diploma or GED
  • Some college
  • Associate's degree
  • Bachelor's degree
  • Master's degree
  • Doctorate degree

02

If you answered "Some college" for the highest level of education completed, please indicate the number of quarter or semester hours you have completed towards a degree.
  • Less than 45 quarter hours
  • 45 to less than 90 quarter hours
  • 90 to less than 135 quarter hours
  • 135 to less than 180 quarter hours
  • 180 or more quarter hours
  • Less than 30 semester hours
  • 30 to less than 60 semester hours
  • 60 to less than 90 semester hours
  • 90 to less than 120 semester hours
  • 120 or more semester hours
  • Not applicable

03

Please indicate your area(s) of study or major(s)/minor(s) towards a degree. Check all that apply.
  • Computer science
  • Information technology
  • Cybersecurity
  • Electrical engineering
  • Business
  • Other (related field)
  • Other (non-related field)
  • Not Applicable

04

If you answered "Other (related field)" or "Other (non-related field)" for the previous question, please list all of your majors and minors. If this question does not pertain to you, or you do not have a degree, enter "Not applicable".
05

If you responded that you possess a business or related degree, have you completed least 18 credit hours of intermediate computer science coursework?
  • Yes
  • No

06

How many years of full-time equivalent professional experience do you have in information security systems, network security, or cyber security?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

07

How many years of full-time equivalent experience do you have implementing, assessing, or maintaining compliance with IT and privacy regulations or standards such as HIPAA, PCI DSS, CJIS, Virginia privacy requirements, federal PII protections, NIST CSF, NIST 800-53/171, ISO 27000, OWASP, or SANS CIS Controls?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

08

How many years of full-time equivalent experience do you have working with security and network architecture, identity and access management, operating systems, cloud services, databases, and modern enterprise technologies?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

09

How many years of full-time equivalent experience do you have using technologies such as malware analysis tools, application and network firewalls, VPN solutions, DLP, identity management platforms, SIEM solutions, and intrusion detection/prevention systems?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

10

How many years of full-time equivalent experience do you have in policy development, security governance, audit support, and agency consulting?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

11

How many years of full-time equivalent experience do you have applying strong analytical, communication, and collaboration skills in a cybersecurity, compliance, or technical consulting environment?
  • None
  • Less than one year
  • One to less than two years
  • Two to less than three years
  • Three to less than four years
  • Four to less than five years
  • Five or more years

12

This is a hybrid position, 2 days at office, 3 days from remote, after initial 4-5 weeks at office, will that work for you?
  • Yes
  • No

Required Question

Similar Jobs

More Jobs at Fairfax County, VA

More Information Technology Jobs

Find similar Information Security Analyst II jobs: