Job ID: FL-PR611393-R116449 (98591111)
Hybrid/Local Security Analyst (CISSP/Security+/OSCP/CISA) with Firewall, cloud, NIST RMF, MITRE, CJIS experience
Location: Tallahassee, FL (FWC)
Duration: 24 Months
Scope of Work, Standards, Qualifications
All deliverables (“Work”) developed, and work conducted by the Contractor pursuant to this SOW shall be
performed in accordance with OIT standards and specifications. FWC will perform a background check including
fingerprinting for selected candidates prior to the Contractor commencing work. FWC requires selected candidates
to comply with all FWC policies and procedures
The selected applicant will be expected to perform some combination of the following tasks:
1. Develop and Manage Security Best Practices for FWC: Establish and maintain security best practices
aligned with FWC’s objectives.
2. Assist with Development and Implementation of Security Policies and Procedures: Contribute to creating,
deploying, and enforcing comprehensive security policies and procedures.
3. Prepare Security Documentation: Create and maintain detailed security documentation to ensure accuracy and
compliance with industry standards.
4. Develop Risk Analysis and Security Reporting: Conduct risk assessments, develop mitigation strategies, and
generate security reports to support informed decision-making.
5. Monitor and Remediate Software or Hardware Vulnerabilities: Identify, monitor, and address vulnerabilities in
software and hardware to safeguard FWC’s assets.
6. Evaluate Current and Future Security Tools and Systems: Assess existing and potential security tools and
systems, providing recommendations for enhancements or new implementations.
7. Respond to Security Incidents: Act as a primary responder to security events, executing incident response
protocols and ensuring timely resolution.
8. Conduct After-Action Reviews: Thoroughly review and analyze security incidents to identify root causes and
lessons learned, producing after-action reports as needed.
9. Mitigate Identified Risks: Implement strategies to mitigate risks identified through assessments and incident
analyses.
10. Educate IT and Program Areas About Security Policies: Train and inform IT teams and program areas on security
policies to ensure widespread understanding and adherence.
11. Submit and Oversee Change Control Process: Manage the change control process, ensuring all modifications are
documented and compliant with FWC standards.
12. Document Hours Worked by Task(s): Accurately record hours spent on each task for accountability and project
management purposes.
13. Follow FWC IT Processes and Coordinate with Other FWC IT Staff to Ensure Compliance with FWC Standards:
Adhere to FWC IT protocols and collaborate with IT staff to maintain compliance with organizational standards.
14. Comply with and Enforce All Agency Policies, Procedures, and Security Policies: Adhere to and enforce all
relevant agency and security policies and procedures.
15. Provide Technical Training (Knowledge Transfer) to Office of Information Technology Support Staff Related to
IT Security: Deliver technical training and facilitate knowledge transfer to IT support staff focused on
information security.
Acceptance of Work and Performance Standards
All deliverables shall be submitted to the Approving Supervisor for review and approval (“Acceptance”). The FWC
will accept each deliverable when it has been reviewed and meets the applicable criteria specified in this SOW,
including the standards and guidelines referenced herein. The FWC may provide additional acceptance criteria
during the Task Order period to be used for the deliverables. If subsequent Work that is the responsibility of the
Contractor invalidates some or all of the contents of a Deliverable, the FWC reserves the right to require the
Contractor to revise Deliverables previously approved at no additional cost to the FWC, or to reject current
deliverables based on inconsistency with the Statement of Work.
Qualification Requirements For Contractor
1. Four or more years of combined IT and security work experience with a broad range of exposure to
Systems Analysis.
2. Four or more years of experience with information technology security.
3. Four or more years of experience with Firewall policies, implementation, and best practices.
4. Two or more years of experience with cloud computing and cloud computing security.
5. Requires knowledge of security issues, techniques, and implications across all existing.
6. computer platforms.
7. Must have a good understanding of NIST cybersecurity Framework.
8. Must have a good understanding of NIST RMF.
9. Must have a good understanding of the MITRE framework.
10. Must be CJIS certified or can become CJIS certified.
Education
1. Bachelor’s Degree in Computer Science, Information Systems, or other related field or equivalent work
experience.
2. Cyber Security Certifications examples: CISSP, Security +, OSCP, CISA.
F-Resume-Self-Certification-Form.docx