Security Analyst (B. Intermediate) Anticipated Position - C
Role summary
This Security Analyst position focuses on monitoring, investigating, and responding to security incidents across various platforms, including SIEM, EDR, and cloud-native tools. The role involves extensive use of Microsoft Defender XDR for analysis and response, triaging phishing incidents, and managing identity and access. Key responsibilities include conducting in-depth investigations, supporting the full incident response lifecycle, tuning detection rules, and adhering to compliance frameworks like NIST and CJIS. The position requires strong analytical and documentation skills, with a hybrid work arrangement combining onsite and remote work. A Bachelor's degree in a related field or equivalent experience is expected.
INTERVIEW= Onsite / Virtual
JOB TYPE= Onsite
The selected applicant will be expected to perform some combination of the following tasks:
1. Monitor security platforms including SIEM, EDR, and cloud-native security tools for indicators of compromise, indicators of attack, and incident response requirements.
2. Utilize Microsoft Defender XDR components (Endpoint, Cloud Apps, Identity, Office 365) extensively for monitoring, analysis, and response.
3. Identify, triage, and investigate phishing incidents, including those submitted manually by end-users.
4. Perform Identity and Access Management activities with a focus on identifying and managing risky users, risky sign-ins, and sign-in event correlation.
5. Conduct in-depth investigations of security alerts, perform triage, and escalate or resolve incidents according to established procedures.
6. Produce thorough documentation, including after-action reports and lessons learned, aligned with incident severity and organizational standards.
7. Adhere to strict threat-escalation policies based on incident classification, threat type, and statutory requirements.
8. Support the full incident response lifecycle: detection, containment, eradication, recovery, and post-incident reporting.
9. Maintain, tune, and optimize security detection rules, alerts, and automations to reduce false positives and improve detection accuracy (with proper approvals).
10. Follow established change-management processes for all configuration or detection-control modifications.
11. Stay informed on emerging threats, evolving attack techniques, and advancements in security technologies.
12. Assist with development and implementation of security policies and procedures.
13. Prepare security documentation.
14. Develop risk analysis and security reporting.
15. Monitor and remediate software or hardware vulnerabilities.
16. Evaluate current and future security tools and systems.
17. Document hours worked by task(s).
18. Follow FWC IT processes and coordinate with other FWC IT staff to ensure compliance with FWC standards.
19. Comply with and enforce all agency policies, procedures, and security policies.
20. Provide technical training (knowledge transfer), as required, for Office of Information Technology support staff as related to information technology security.
21. Work location will be a combination of onsite at FWC offices in Tallahassee, Florida and remote work based on situation, to be defined on a project basis.
22. The deliverables and performance standards associated with each task identified in this scope of work are further defined in the Standards and Specifications table below.
Qualification Requirements for Contractor
1. Four or more years of combined IT and security work experience within a cybersecurity-related discipline.
2. Three or more years of experience working with KQL, Python, PowerShell, or batch.
3. Two or more years of experience with cloud computing and cloud computing security.
4. Requires knowledge of security issues, techniques, and implications across all existing computer platforms.
5. Demonstrate a fundamental understanding of regulatory frameworks and standards such as NIST 800-53r5, CJIS Security Policy, and 60GG-2.
6. Strong communication and documentation skills.
7. Apply strong analytical and critical thinking skills to drive effective decision-making during security events.
8. Demonstrate efficient stress management and remain composed during high-pressure security incidents.
9. Must have a good understanding of the MITRE framework, including TTPs.
10. Must be CJIS certified or able to become CJIS certified.
Education
1. Bachelor's degree or higher in Computer Science, Information Security, or a related field.
2. Additional relevant experience may substitute for the recommended educational level on a year-for-year basis, and additional relevant education may substitute for the recommended experience on a year-for-year basis.
3. Relevant certifications such as Security+, CySA+, Network+, SSCP, CISSP, CCSP, SecurityX/CASP+, or PenTest+.