For more than 30 years, the Virginia Lottery has been building an amazing organization committed to growth and giving back – and having fun while doing it. We work hard to build authentic relationships with all Virginians by communicating with them in relevant, unique and surprising ways. Operating entirely on revenue from game sales, rather than tax dollars, the Virginia Lottery generates approximately $1.6 million per day for Virginia’s K-12 public schools.
The Virginia Lottery is currently seeking an Information Security Analyst to join our Audit and Security Department.
The Information Security Analyst will support the Lottery Information Security Program to ensure the confidentiality, integrity, and availability of Lottery systems and data. The Information Security Analyst will perform vulnerability identification, analysis, and remediation in collaboration with internal stakeholders across the Lottery operating system, network, and application infrastructure. The individual in this role performs application security testing using automated tools and manual validation. In addition, the Information Security Analyst coordinates and oversees third-party application security testing, reviews results, and assists with developing remediation strategies. This individual evaluates, implements, and supports information security tools (OS, network, application), and assists with the development of policies, guidelines, and procedures.
The Information Security Analyst will perform application security testing activities to include:
– Participating in the daily scrum, sprint planning, and backlog grooming sessions with application development teams
– Evaluating authentication, access control, session management, input validation, logging and error handling, and encryption processes of Lottery applications using automated tools, manual validation and/or through third-party services
– Participating in the development and maintenance of application security components of the Lottery Information Security program
– Collaborating with Information Technology Services on application security best practices
– Identifying, testing, and using application vulnerability scanning tools to locate vulnerabilities and coordinate remediation actions
– Providing security recommendations to application developers to ensure secure code development
The Information Security Analyst provides support to the network, operating system, and database infrastructure to ensure systems and application security by:
– Working with the Technology and Information Security teams to identify common vulnerabilities and remediation activities
– Evaluating new technology or changes to existing technology through formal review processes
– Proactively investigating tools and technologies for network, operating system, and database security testing
– Working with Technology staff to conduct server, application, and database vulnerability assessments throughout the system/application development life-cycle
– Coordinating incident handling and response in collaboration with the Incident Response Team
The person selected for this position will have:
– Bachelor’s Degree from an accredited 4-year College or University, with major studies in Information Technology or related field
– 2+ years in information security or 4+ years in information technology field
– 1+ years application security testing experience including the use of automated security testing and manual validation techniques
In addition, the successful candidate will possess:
– Understanding of common internet protocols at the application, transport and network layers (e.g., HTTP and SMTP)
– Knowledge of Ethernet Networking fundamentals, LAN/WAN technologies, network hardware and protocols, OSI stack, TCP/IP, wireless networks, secure communications methods, firewalls, privileged account management solutions, SIEM
– Familiarity with the characteristics of common communication encryption protocols (e.g. SSH, SSL, TLS)
– Knowledge of common application vulnerabilities, attacks, defenses, and mitigation strategies
– Ability to conduct automated vulnerability scanning and identify security vulnerabilities (e.g. OS and application)
– Excellent written and oral communication skills
– Strong attention to detail and outstanding organizational skills
– Ability to effectively multi-task, work independently with minimal supervision, as well as within a team, in a fast-paced support environment
A comparable amount of training and experience may be substituted for the minimum qualifications.
Preferred qualifications include:
– Familiarity with securing operating systems, networking equipment, and applications
– Ability to define application security requirements for projects and coordinate testing with third-party vendors
– Ability to identify information security requirements for projects and become familiar with common security weaknesses and defense strategies for new technologies
– Familiarity with COV ITRM policies, standards, and guidelines
– Possession of information security certifications preferred (e.g. CompTIA Security+, GIAC GSEC, GWEB, GPEN, or similar)
– Lottery experience preferred
The selected candidate will be required to pass a background investigation and possess a valid Driver’s License. Minimum travel required.
Special Instructions to Applicants
The Virginia Lottery is an independent state agency, and as such all positions are exempt from the Virginia Personnel Act, as well as most Executive Branch human resources policies. The Virginia Lottery is a fun place to work and values diversity in the workforce. We offer a competitive salary and excellent benefits. The Virginia Lottery is an Equal Opportunity Employer.
Only online applications completed in their entirety will be accepted for this position.
The Virginia Lottery will provide, if requested, reasonable accommodation to applicants in need of accommodation in order to provide access to the application and/or interview process. If any assistance is needed when applying online, please contact the Virginia Lottery’s Human Resources Department at 804-692-7000.
Applications will be accepted until a suitable pool of candidates is received. After 5 business days, this position may be closed at any time.