Security Analyst

Job Purpose:

All deliverables ( Work ) developed, and work conducted by the Contractor pursuant to this SOW shall be performed in accordance with OIT standards and specifications. FWC will perform a background check including fingerprinting for selected candidates prior to the Contractor commencing work. FWC requires selected candidates to comply with all FWC policies and procedures.

Qualifications

Education - Bachelor s degree or higher in Computer Science, Information Security, or a related field.

Or Additional relevant experience may substitute for the recommended educational level on a year-for-year basis and additional relevant education may substitute for the recommended experience on a year-for-year basis.

Certifications - Relevant certifications such as Security+, CySA+, Network+, SSCP, CISSP, CCSP, SecurityX/CASP+, or PenTest+.

Required Experience

This position requires the following experience and/or knowledge:

1. Four or more years of combined IT and security work experience within a cybersecurity related discipline.

2. Three or more years of experience working with KQL, Python, PowerShell, or batch.

3. Two or more years of experience with cloud computing and cloud computing security.

4. Requires knowledge of security issues, techniques, and implications across all existing computer platforms.

5. Demonstrate fundamental understanding of regulatory frameworks and standards such as NIST 800-53r5, CJIS Security Policy, and 60GG-2.

6. Strong communication and documentation skills.

7. Apply strong analytical and critical thinking skills to drive effective decision-making during security events.

8. Demonstrates efficient stress management and remains composed during high pressure security incidents.

9. Must have a good understanding of MITRE framework including TTPs.

10. Must be CJIS certified or can become CJIS certified.

Primary Job Duties and Tasks

Monitor security platforms including SIEM, EDR, and cloud-native security tools for indicators of compromise, indicators of attack, and incident response requirements.

Utilize Microsoft Defender XDR components (Endpoint, Cloud Apps, Identity, Office 365) extensively for monitoring, analysis, and response.

Identify, triage, and investigate phishing incidents including those submitted manually by end-users.

4.Perform Identity and Access Management activities with a focus on identifying and managing risky users, risky sign-ins, and sign-in event correlation.

Conduct in-depth investigations of security alerts, perform triage, and escalate or resolve incidents according to established procedures.

Produce thorough documentation including after-action reports and lessons learned, aligned with incident severity and organizational standards.

Adhere to strict threat-escalation policies based on incident classification, threat type, and statutory requirements.

Support the full incident response lifecycle: detection, containment, eradication, recovery, and post-incident reporting.

Maintain, tune, and optimize security detection rules, alerts, and automations to reduce false positives and improve detection accuracy (with proper approvals).

Follow established change-management processes for all configuration or detection-control modifications.

Stay informed on emerging threats, evolving attack techniques, and advancements in security technologies.

Assist with development and implementation of security policies and procedures.

Prepare security documentation.

Develop risk analysis and security reporting.

Monitor and remediate software or hardware vulnerabilities.

Evaluate current and future security tools and systems.

Document hours worked by task(s).

Follow FWC IT processes and coordinate with other FWC IT staff to ensure compliance with FWC standards.

Complies with and enforces all agency policies, procedures, and security policies.

Provide Technical Training (Knowledge Transfer), as required for Office of Information Technology Support Staff as related to Information Technology security.

Work location will be a combination of onsite at FWC offices in Tallahassee, Florida and remote work based on situation, to be defined on a project basis.

The deliverables and performance standards associated with each task identified in this scope of work are further defined in Standards and Specifications table below.

About ArnAmy, Inc.:

ArnAmy, Inc. is a leading information technology consulting and software development firm in Tallahassee, FL since 2007. ArnAmy has been providing high quality services to clients and prides itself in implementing dependable solutions to ensure client's success. ArnAmy is formed and led by principle centered leaders with Subject Matter Expertise in all disciplines of Information Technology. Company has proven record of 100% successful projects and 100% satisfied clients, and employees. We are inviting bright professionals with integrity and have passion to achieve higher goals to join our award winning (Tallahassee s BEST in IT Solutions 2017 &2016) excellent and talented team.

ArnAmy, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability or marital status. Women and Minorities are encouraged to apply.

PLEASE SEND RESUMES AND SALARY EXPECTATIONS TO THANK YOU!