Security Analyst

The selected applicant will be expected to perform a combination of the following tasks:

1. Monitor security platforms, including SIEM, EDR, and cloud-native security tools, for indicators of compromise (IOCs), indicators of attack (IOAs), and incident response requirements.
2. Utilize Microsoft Defender XDR components (Endpoint, Cloud Apps, Identity, Office 365) for monitoring, analysis, and response.
3. Identify, triage, and investigate phishing incidents, including those submitted by end users.
4. Perform Identity and Access Management (IAM) activities, focusing on identifying and managing risky users, risky sign-ins, and correlating sign-in events.
5. Conduct in-depth investigations of security alerts; perform triage and escalate or resolve incidents according to established procedures.
6. Produce thorough documentation, including after-action reports and lessons learned, aligned with incident severity and organizational standards.
7. Adhere to strict threat escalation policies based on incident classification, threat type, and statutory requirements.
8. Support the full incident response lifecycle: detection, containment, eradication, recovery, and post-incident reporting.
9. Maintain, tune, and optimize security detection rules, alerts, and automations to reduce false positives and improve detection accuracy (with proper approvals).
10. Follow established change management processes for all configuration or detection control modifications.
11. Stay informed on emerging threats, evolving attack techniques, and advancements in security technologies.
12. Assist in the development and implementation of security policies and procedures.
13. Prepare and maintain security documentation.
14. Develop risk analyses and security reports.
15. Monitor and remediate software and hardware vulnerabilities.
16. Evaluate current and future security tools and systems.
17. Document hours worked by task.
18. Follow FWC IT processes and coordinate with IT staff to ensure compliance with FWC standards.
19. Comply with and enforce all agency policies, procedures, and security requirements.
20. Provide technical training (knowledge transfer) to Office of Information Technology support staff as required.
21. Work location will include a combination of onsite work at FWC offices in Tallahassee, Florida, and remote work, as defined per project.
22. Deliverables and performance standards for each task are further defined in the Standards and Specifications table below.

Qualification Requirements for Contractor

1. Four or more years of combined IT and security experience within a cybersecurity-related discipline.
2. Three or more years of experience with KQL, Python, PowerShell, or batch scripting.
3. Two or more years of experience with cloud computing and cloud security.
4. Knowledge of security issues, techniques, and implications across various computing platforms.
5. Fundamental understanding of regulatory frameworks and standards such as NIST 800-53 Rev. 5, CJIS Security Policy, and 60GG-2.
6. Strong communication and documentation skills.
7. Demonstrated analytical and critical thinking skills for effective decision-making during security events.
8. Ability to manage stress and remain composed during high-pressure security incidents.
9. Solid understanding of the MITRE ATT&CK framework, including TTPs.
10. Must be CJIS certified or able to obtain certification.

Education

1. Bachelor’s degree or higher in Computer Science, Information Security, or a related field.
2. Relevant experience may substitute for the recommended education on a year-for-year basis, and additional education may substitute for experience on a year-for-year basis.
3. Relevant certifications may include Security , CySA , Network , SSCP, CISSP, CCSP, SecurityX/CASP , or PenTest .