SCOPE OF WORK:
1. Develop and Manage Security Best Practices for FWC: Establish and maintain security best practices aligned with FWC’s objectives.
2. Assist with Development and Implementation of Security Policies and Procedures: Contribute to creating, deploying, and enforcing comprehensive security policies and procedures.
3. Prepare Security Documentation: Create and maintain detailed security documentation to ensure accuracy and compliance with industry standards.
4. Develop Risk Analysis and Security Reporting: Conduct risk assessments, develop mitigation strategies, and generate security reports to support informed decision-making.
5. Monitor and Remediate Software or Hardware Vulnerabilities: Identify, monitor, and address vulnerabilities in software and hardware to safeguard FWC’s assets.
6. Evaluate Current and Future Security Tools and Systems: Assess existing and potential security tools and systems, providing recommendations for enhancements or new implementations.
7. Respond to Security Incidents: Act as a primary responder to security events, executing incident response protocols and ensuring timely resolution.
8. Conduct After-Action Reviews: Thoroughly review and analyze security incidents to identify root causes and lessons learned, producing after-action reports as needed.
9. Mitigate Identified Risks: Implement strategies to mitigate risks identified through assessments and incident analyses.
10. Educate IT and Program Areas About Security Policies: Train and inform IT teams and program areas on security policies to ensure widespread understanding and adherence.
11. Submit and Oversee Change Control Process: Manage the change control process, ensuring all modifications are documented and compliant with FWC standards.
12. Document Hours Worked by Task(s): Accurately record hours spent on each task for accountability and project management purposes.
13. Follow FWC IT Processes and Coordinate with Other FWC IT Staff to Ensure Compliance with FWC Standards: Adhere to FWC IT protocols and collaborate with IT staff to maintain compliance with organizational standards.
14. Comply with and Enforce All Agency Policies, Procedures, and Security Policies: Adhere to and enforce all relevant agency and security policies and procedures.
15. Provide Technical Training (Knowledge Transfer) to Office of Information Technology Support Staff Related to IT Security: Deliver technical training and facilitate knowledge transfer to IT support staff focused on information security.
16. Work Location: Perform onsite duties at FWC offices in Tallahassee, Florida, and remotely as needed.
17. Deliverables and Performance Standards: The Standards and Specifications table below defines the deliverables and performance standards associated with each task.
18. Confidentiality and Data Protection: The Contractor agrees to adhere to all confidentiality and data protection policies set forth by FWC. Any sensitive information accessed or handled during the engagement must be kept confidential and secure.
RESPONSIBILITIES:
1. Support agency Information Security Management.
2. Assist with the development and execution of best practices for network security for FWC.
3. Execute Change Control Process to remediate security events.
4. Document security issues, their impact, resolution, security requirements, and the resulting security posture.
5. Support the development and implementation of FWC security controls as required for supporting agency security goals and objectives.
6. Develop and deploy security best practices.
7. Support existing security systems with requested enhancements and break fixes.
8. Provide technical documentation and work plans for meeting FWC security posture.
9. Monitor compliance with agency information security policies, procedures, standards, and guidelines pertaining to network security. Provide technical consultation to FWC staff.
10. Provide technical consultation to FWC staff.
QUALIFICATIONS:
1. Bachelor’s Degree in Computer Science, Information Systems, or other related field or equivalent work experience.
2. Cyber Security Certifications (examples: CISSP, Security +, OSCP, CISA).
3. A minimum of four (4) years of experience as a Security Analyst.
REQUIRED KSA’s:
1. Four or more years of combined IT and security work experience with a broad range of exposure to systems Analysis.
2. Four or more years of experience with information technology security.
3. Four or more years of experience with Firewall policies, implementation, and best practices.
4. Two or more years of experience with cloud computing and cloud computing security.
5. Requires knowledge of security issues, techniques, and implications across all existing computer platforms.
6. Must have good understanding of NIST cybersecurity Framework.
7. Must have good understanding of NIST RMF.
8. Must have a good understanding of MITRE framework.
9. Must be CJIS certified or can become CJIS certified.