LOCAL CANDIDATE AND W2 ONLY
Job Title : Security Analyst – Consultant
Work Location : Blythewood, SC 29016
Work Type : Hybrid (4 days remote and 1 day onsite)
Duration : 12 Months (Possibility of Extension)
Interview Type : Virtual (1 Round)
Position Overview :
The Security Analyst – Consultant will play a key role in enhancing the overall security posture of SCDMV’s IT systems and applications. This individual will champion DevSecOps principles, implement security automation, monitor and respond to threats, and collaborate with development teams to ensure secure coding practices across the SDLC. The role demands a proactive, analytical professional with strong communication skills and hands-on experience in modern security and development tools.
Daily Duties / Responsibilities :
- Champion DevSecOps through Security Automation : Design, implement, and maintain security tools and automation to improve efficiency through scripting, vulnerability scanning, and user access control.
- Monitor and Analyze Security Events : Use SIEM tools to identify and assess potential threats and suspicious activities, and recommend control improvements based on NIST, CIS, and CISA frameworks.
- Support Secure Application Development : Collaborate with developers to ensure secure coding practices, perform code reviews, threat modeling, and provide security guidance during the SDLC.
- Investigate and Respond to Security Incidents : Participate in incident response activities, identify root causes, mitigate risk, and develop recovery procedures.
- Document Security Procedures : Create clear, concise security policies, best practices, and user training materials to reinforce organization-wide security awareness.
- Provide On-call Support : Support security operations and related duties as required.
Required Skills (Ranked in Order of Importance) :
- Exceptional communication and interpersonal skills, with a proven ability to deliver exceptional customer service through training and documentation.
- 5 years of expert-level experience with C#, Python, PowerShell, and Rust (a plus).
- Understanding of secure-by-design principles.
- 1 year of understanding of automation principles, including the use of AI, ML, and scripting, to streamline security tasks.
- 3 years of understanding of the Software Development Lifecycle (SDLC) and DevSecOps principles to integrate security considerations throughout the application development process.
- 3 years of proficiency in cloud security principles, including identity and access management, data security, and compliance.
Preferred Skills (Ranked in Order of Importance) :
- 1 year of experience with SIEM (Security Information and Event Management) tools, including configuration, tuning, threat hunting, and alert creation.
- 1 year of in-depth knowledge of security frameworks, including NIST, CIS, and CISA, and their application in a hybrid environment.
- Solid understanding of incident response processes and experience in implementing them effectively.
- Advanced understanding of security controls, including their configuration and implementation in hybrid environments.
- 1 year of expertise in data classification and DLP (Data Loss Prevention) configuration to safeguard sensitive information.
Preferred Certifications :
While not mandatory, the following certifications are preferred :
- Certified Incident Handler (GCIH)
- Certified Computer Security Incident Handler (CSIH)
- EC-Council Certified Incident Handler (ECIH)
- EC-Council Certified Network Defender (CND)
- GIAC Critical Infrastructure Protection (GCIP)
- GIAC Defensible Security Architecture (GDSA)