The Security Analyst performs professional and technical work ensuring the confidentiality, integrity, and availability of the Town’s information systems. This position is responsible for performing hands-on security administration and continuous optimization of our information and industrial control security standards and practices. This position will work directly with staff to provide security related help desk support and to identify opportunities for improved security tools and processes.
This position pays a salary of $58,832.25-$94,131.61 annually. It is an exempt position.
The Town provides 100% paid employee health insurance, dental insurance, long-term disability, life and accidental death insurance. The Town also provides 50% paid dependent health insurance, a 401(a) retirement plan that is fully vested after three years, paid time off, and paid holidays. Employees have the option of purchasing additional life insurance, short-term disability insurance, accident insurance, critical illness insurance, and vision insurance at reduced rates.
This position will remain open until filled.
Essential Duties and Responsibilities
- Perform security administration for the Town’s information and industrial control systems in accordance with defined policies and procedures, legislative or business partner mandate, vendor guidelines, and industry best practice.
- Monitor various security appliances, software, and logs to maintain operational visibility and to identify possible security incidents. Conduct thorough investigations of suspected malicious activity.
- Respond to information security incidents, misuse of resources, or non-compliance situations using defined escalation procedures.
- Manage the consistent application and maintenance of information security policies, procedures, standards, and guidelines to ensure information systems and supporting technologies are secure and protected appropriately.
- Make recommendations for improvements and implement corrective measures to ensure compliance and overall security of information and industrial control systems.
- Assist with the continuing development, testing, and maintenance of incident
response, business continuity and disaster recovery plans.
- Develop and promote a comprehensive employee security awareness training program and coordinate with Human Resources to provide training for all new employees during their onboarding process.
- Monitor open-source cyber threat intelligence (OSINT) and information security trends. Maintain knowledge of current tactics, techniques, and procedures (TTP) to manage appropriate defensive response.
- Collaborate with staff and business partners to ensure that the appropriate
information security policies are accounted for within design specifications and successfully demonstrated during the evaluation and selection processes.
- Facilitate third-party information risk assessments and security audits and perform the appropriate remedial actions to ensure that information and industrial control systems are protected from potential threats.
- Assume the Local Agency Security Officer (LASO) role for the Police Department and ensure the agency is adhering to all FCIC/NCIC technology related security requirements. Participate in bi-annual FDLE agency audit.
- Perform related work as required.
- Direct, hands-on experience managing information and industrial control systems security infrastructure, including firewalls, intrusion prevention systems (IPS), web application firewalls (WAF), endpoint protection, and log management technology.
- Direct, hands-on experience managing enterprise public key infrastructure (PKI).
- Direct, hand-on experience using vulnerability management tools.
- Experience managing data loss prevention and data classification programs.
- Experience facilitating cyber incident response efforts.
- Experience facilitating third-party information risk assessments and security audits.
- Knowledge of governance, risk, and compliance (GRC) program development, risk management concepts, IT general controls and auditing and security principals.
- Knowledge of industry recognized compliance frameworks such as MITRE ATT&CK, NIST 800-53, NIST Cybersecurity Framework (CSF), CJIS, OWASP, etc.
- Ability to teach technical ideas to a non-technical audience and to present information in written, oral, and multi-media formats to individuals and small groups.
- Ability to provide direction with correspondence, memos, and other documentation.
- Ability to establish and maintain effective, professional working relationships.
- Ability to lead small teams and work independently with general direction
Education and Experience
- Any combination of education, training and experience equivalent to graduation from an accredited college or university with a bachelor’s degree in Information Systems or Computer Science.
- A minimum of 5 years of progressively responsible experience in the areas outlined in this job description
Licenses, Certifications or Registrations
1. Possession of a valid Florida Driver’s License.
2. Must obtain Level 4 and LASO CJIS certifications following employment.
Essential Physical Skills
1. While performing the duties of this position, the employee is regularly required to use hands to touch, handle or feel; reach with hands and arms; talk and hear
2. Specific vision abilities required by this position included color vision, close vision, depth perception and ability to adjust focus
1. Works inside in an office environment.
2. May be required to assist the Town in the preparation for and aftermath of a major emergency such as a hurricane or other disaster
All positions are regular full time unless stated otherwise. Employment applications for vacant positions may be submitted online, at Town Hall or by email. Each application must include the position title, and each position requires a separate application.
All submitted materials are subject to public disclosure by the Florida Public Records Act. The Town is an equal opportunity employer and a drug-free workplace.