Security Analyst (Mid-Level)

About The Position

Requirements

• Bachelor’s or Master’s in Computer Science, Cybersecurity, Information Technology, or Information Security. Degrees in related technical fields like Engineering (Computer/Electrical), Information Assurance, or Data Analytics are also relevant.
• 5+ years in cybersecurity risk, compliance, audit, assessments, or governance.
• Experience performing NIST CSF, NIST 800-53, or state-level cybersecurity assessments.
• Certifications: CISA, CISSP, Security+ (minimum 1 required).
• At least one year applying Florida Cybersecurity Standards in assessments, policy work, or state government engagements.
• Strong technical writing skills for developing deliverables such as procedures, risk reports, and policies.

Responsibilities

• Evaluate whether security controls are correctly designed and operating as intended across the Department’s systems.
• Conduct interviews, review documentation, and sample technical evidence to understand how controls work and how mature they are.
• Create system-level risk categorizations based on how sensitive each system is and how it is used.
• Support the development of the Department’s upcoming risk assessment by identifying risks, analyzing their impact, and helping score their severity.
• Assist with improvements to security procedures, policies, user access processes, and multi-factor authentication guidelines.
• Review current vulnerability management and change management practices and contribute updates to bring them up to required standards.
• Work closely with the Security Architect to support security documentation, including mapping controls and building system security content.
• Participate in interviews, workshops, and onsite assessment activities as needed.