Security Analyst with CJIS certification

Education

1. Bachelor's degree or higher in Computer Science, Information Security, or a related field.

Relevant certifications :

Security+, CySA+, Network+, SSCP, CISSP, CCSP, SecurityX/CASP+, or PenTest+

Requirements.

1. Four or more years of combined IT and security work experience within a cybersecurity related discipline.

2. Three or more years of experience working with KQL, Python, PowerShell, or batch.

3. Two or more years of experience with cloud computing and cloud computing security.

4. Requires knowledge of security issues, techniques, and implications across all existing computer platforms.

5. Demonstrate fundamental understanding of regulatory frameworks and standards such as NIST 800-53r5, CJIS Security Policy, and 60GG-2.

6. Strong communication and documentation skills.

7. Apply strong analytical and critical thinking skills to drive effective decision-making during security events.

8. Demonstrates efficient stress management and remains composed during high pressure security incidents.

9. Must have a good understanding of MITRE framework including TTPs.

10. Must be CJIS certified or can become CJIS certified.

Nice to have: Local candidate & Candidates with prior state experience:

Scope of work

The selected applicant will be expected to perform some combination of the following tasks:

1. Monitor security platforms including SIEM, EDR, and cloud-native security tools for indicators of compromise, indicators of attack, and incident response requirements.

2. Utilize Microsoft Defender XDR components (Endpoint, Cloud Apps, Identity, Office 365) extensively for monitoring, analysis, and response.

3. Identify, triage, and investigate phishing incidents including those submitted manually by end-users.

4. Perform Identity and Access Management activities with a focus on identifying and managing risky users, risky sign-ins, and sign-in event correlation.

5. Conduct in-depth investigations of security alerts, perform triage, and escalate or resolve incidents according to established procedures.

6. Produce thorough documentation including after-action reports and lessons learned, aligned with incident severity and organizational standards.

7. Adhere to strict threat-escalation policies based on incident classification, threat type, and statutory requirements.

8. Support the full incident response lifecycle: detection, containment, eradication, recovery, and post-incident reporting.

9. Maintain, tune, and optimize security detection rules, alerts, and automations to reduce false positives and improve detection accuracy (with proper approvals).

10. Follow established change-management processes for all configuration or detection-control modifications.

11. Stay informed on emerging threats, evolving attack techniques, and advancements in security technologies.

12. Assist with development and implementation of security policies and procedures.

13. Prepare security documentation.

14. Develop risk analysis and security reporting.

15. Monitor and remediate software or hardware vulnerabilities.

16. Evaluate current and future security tools and systems.

17. Document hours worked by task(s).

18. Follow FWC IT processes and coordinate with other FWC IT staff to ensure compliance with FWC standards.

19. Complies with and enforces all agency policies, procedures, and security policies.

20. Provide Technical Training (Knowledge Transfer), as required for Office of Information Technology Support Staff as

related to Information Technology security.

21. Work location will be a combination of onsite at FWC offices in Tallahassee, Florida and remote work based on

situation, to be defined on a project basis.

22. The deliverables and performance standards associated with each task identified in this scope of work are further defined in Standards and Specifications table below.