INFORMATION SECURITY ANALYST IV - 37011231

About The Position

Requirements

• 4 years’ experience in an Information Technology customer service position
• 2 years’ experience working to create, maintain, establish, and review complex programmatic scripting languages such as PowerShell, WSH, Python, or Pearl
• 1 years’ experience in a technical position requiring status updates and communication directly with customers and/or leadership staff
• Strong communication skills and the ability to prepare and present papers, briefings, and other materials to leadership
• Strong ability to work across multiple organizations to find consensus
• Strong communication skills (oral and written) with the ability to communicate with all levels of cybersecurity and incident response within the organization
• Intermediate knowledge of various industry-standard cybersecurity frameworks
• Excellent analytical and technical skills
• Knowledge of communication imperatives and the ability to provide status updates to technical and management-level team members
• Ability to maintain perspective during crisis-level incidents
• Ability to assist with non-routine and unforeseen administrative tasks because of incidents, activations, or direction of leadership
• Experience developing business cases for technical projects
• In person attendance is an essential function of this position.

Nice To Haves

• Preference will be given to applicants with certifications in CompTIA Security+, ISC2 Certified in Cybersecurity (CC), Certified Ethical Hacker (CEH), and/or Microsoft AZ-500.

Responsibilities

• Assist in the creation, maintenance, and establishment of information security incident response plans and procedures.
• Developing and maintaining processes or protocols to ensure security requirements are incorporated into the change control process.
• Establishing and maintaining policy and regulatory expectations for protection of the physical operating environment for agency-owned or managed IT resources.
• Establishing and maintaining a policy and procedure review process that facilitates continuous improvement to protection processes.
• Assist with the following ISM duties required per Rule 60GG-2:
• Establishing and maintaining an information security program that includes information security policies, procedures, standards, and guidelines
• Establishing and maintaining an information security awareness program
• Establishing and maintaining information security risk management process, including the comprehensive risk assessment required by section 282.318, F.S.
• Establishing and maintaining computer Security Incident Response Team
• Establishing and maintaining a disaster recovery program that aligns with the agency’s Continuity of Operations (COOP) Plan
• Proactively research latent security threats and recommend risk mitigation actions
• Performing information security investigations that could potentially impact the employment status of employees (OPS, career service, SES, SMS, contractors)
• Performing information security investigations in conjunction with the Inspector General’s Office and law enforcement agencies
• Review and modify firewall rules iteratively to be more secure.
• Manage and configure the agency’s endpoint security solution.
• Respond to information security incidents and execute countermeasures.
• Create, maintain, establish, and review application security standards and implementation plans and procedures as part of a secure software development lifecycle process.
• Review access requests and provide access control oversight.
• Maintain technical skillset to adapt to new technologies as they emerge including researching and recommending security-focused training for themselves and others in the division.
• Ensure cryptographic standards are maintained in systems and applications.
• Maintain compliance with CJIS (criminal justice) systems and recommend technologies and procedures, if required, for on-premises and cloud-based CJIS infrastructure.
• Evaluate desktop policies to ensure proper patching levels and security policies are maintained.
• Assist with non-routine and unforeseen administrative tasks because of incidents, activations, or direction of leadership.
• Research, analyze, draft, and implement cybersecurity policies and best practices which support DEP Enterprise.
• Monitor trends and coordinate with the Information Security Manager in order to identify needed changes to cybersecurity rules and policies.
• Perform other duties as assigned.
• Attendance is an essential function of this position.

Benefits

• Annual and Sick Leave benefits;
• Nine paid holidays and one Personal Holiday each year;
• State Group Insurance coverage options, including health, life, dental, vision, and other supplemental insurance options;
• Retirement plan options, including employer contributions (For more information, please click www.myfrs.com);
• Tuition waivers;
• Total Compensation Estimator Tool
• And more!