This position assists the Jacksonville Sheriff’s Office Network Security Team in collecting data from a variety of cyber defense tools (e.g., Intrusion Detection System (IDS) alerts, firewalls, network traffic logs), analyzing events that occur within the agency, responding to alerts to mitigate threats, and assisting in managing reporting to meet Criminal Justice Security Policy (CSP), the Commission on Accreditation for Law Enforcement Agencies (CALEA), and Commission for Florida Law Enforcement Accreditation (CFA) compliance requirements. This role is the primary user of the Security Information and Event Management (SIEM), Network Security Monitoring (NSM), and log management systems. They monitor real-time events and alarms, following a standard operating procedure for a wide variety of alerts, and generate reports based on criteria. They will monitor SIEM system health and data feed checks, monitor the system(s) as a whole, and gather data from logs, phone intake, email, or tickets. They may feed many case types to the Help Desk, handle and process more straightforward alarm conditions, close tickets based on well-defined criteria, and escalate more difficult or complex cases to the next tier after they have collected some initial data. They will act as an incident handler or may directly support the Computer Security Incident Response Team (CSIRT) function, depending on severity. They may be asked to perform cross-team analysis to gain a better understanding of workflows and processes and to provide feedback to teams to enhance security posture.
Applicants must be able to perform the following work tasks (not inclusive of all job functions):
Required Candidate Skills, Knowledge, and Proficiencies:
Preferred Knowledge, Skills, and Abilities:
Previous Experience Required: