Cybersecurity Analyst

The St. Johns River Water Management District is an environmental agency whose work is focused on ensuring a long‑term supply of drinking water, and to protect and restore the health of water bodies in the District’s 18 counties in northeast and east‑central Florida. Become a member of our team as a Cybersecurity Analyst while enjoying work‑life balance in a professional culture with competitive pay and benefits.

• Security Monitoring and Incident Response:
  Monitor security alerts, logs, and tools for potential threat alerts. Investigate and respond to incidents in accordance with defined processes, ensuring timely escalation and documentation. Contribute to after‑action reviews and continuous improvement of detection and response activities.
• Vulnerabilityand Patch Management:
  Perform routine vulnerability assessments, track remediation progress, and communicate risk‑based priorities. Maintain dashboards and metrics and help improve patching processes through cross‑team collaboration.
• Governance,Risk,and Compliance:
  Assist with quarterly reporting, audits, evidence collection, and policy implementation. Partner with leadership to strengthen security controls and support risk assessments and compliance efforts.
• Security Awareness and Project
  
  Collaboration:
  
  Promote security best practices through communication, training, and consultative support. Serve as a security advisor for technology projects, procurements, and operational changes, helping ensure security is considered early in planning and implementation.

• Information security fundamentals such as defense‑in‑depth, least privilege, secure configuration, and threat landscapes.
• Common cybersecurity frameworks and standards (e.g., NIST CSF, CIS Critical Security Controls).
• Networking fundamentals, including TCP/IP, DNS, VPN, VLANs, and firewalls.
• Enterprise technologies such as Windows and Linux server environments, Active Directory, Microsoft 365, Azure, and endpoint management tools.
• Vulnerability scanning, patch management, and system hardening approaches.
• Security monitoring technologies, including SIEM, EDR, and intrusion detection and prevention systems.
• Incident response processes, evidence handling, and foundational forensic principles.
• Applicable state/federal regulations and compliance requirements related to information security.

• Identifying and validating security events through analysis of logs, alerts, and network data.
• Using enterprise security tools such as EDR, SIEM/log management, vulnerability scanners, and threat intelligence sources.
• Producing clear and actionable reporting, dashboards, and documentation.
• Using automation or scripting (e.g., Power Shell, Python) to streamline tasks, reporting, and monitoring.
• Managing competing priorities in a dynamic environment and meeting deadlines.
• Communicating clearly with both technical and non‑technical stakeholders.
• Building effective relationships and collaborating across multidisciplinary teams.

• Analyze complex technical issues, assess risk, and recommend practical, business‑aware mitigation strategies.
• Maintain strict confidentiality of sensitive information and handle security and audit data responsibly.
• Adapt to emerging threats, technologies, and industry best practices.
• Follow established policies while also identifying opportunities to improve efficiency and automation.
• Work independently with sound judgment and appropriate escalation.
• Influence outcomes without direct authority and support a positive security culture across the organization.

A bachelor's degree from an accredited college or university with a major in cybersecurity, computer science, management information systems, information technology, or a closely related field, and five years of progressively responsible information technology experience, including at least three years of direct cybersecurity experience in security monitoring, incident response, vulnerability management, security compliance, or risk assessment.

A master's degree from an accredited college or university in cybersecurity, computer science, management information systems, information…