Jacksonville Sheriff's Office


Job Location US-FL-Jacksonville
Requisition Number 2020-1155

Posted Date


Post End Date


Job Description

This position assists the Jacksonville Sheriff’s Office Network Security Team in collecting data from a variety of cyber defense tools (e.g., Intrusion Detection System (IDS) alerts, firewalls, network traffic logs), analyzing events that occur within the agency, responding to alerts to mitigate threats, and assisting in managing reporting to meet Criminal Justice Information Services Security Policy (CSP), Commission on Accreditation for Law Enforcement Agencies (CALEA), and Commission for Florida Law Enforcement Accreditation (CFA) compliance requirements. This role is the primary Security Information and Event Management (SIEM), Network Security Monitoring (NSM), and log management system user. They monitor real-time events and alarms using monitoring that follows a standard operating procedure for a wide variety of alerts, generating reports based on defined criteria. They will monitor SIEM system health, perform data feed checks, monitor the system(s) as a whole, and gather data from logs, phone intake, email, or tickets. They may feed many case types to the Help Desk, handle and process more straightforward alarm conditions, close tickets based on well-defined criteria, and escalate more difficult or complex cases to the next tier after they have collected some initial data. They will act as an incident handler or may directly support the Computer Security Incident Response Team (CSIRT) function depending on severity. They may be asked to perform cross-team analysis to gain a better understanding of workflows and processes and provide feedback to teams to enhance security posture.

Examples of Work

Applicants must be able to perform the following work tasks (not inclusive of all job functions):

  • Monitor, review, and analyze agency Criminal Justice Information Services (CJIS) systems logging tools for suspicious events.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Assess adequate access controls based on principles of least privilege and need-to-know.
  • Monitor external data sources to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Document and escalate incidents if needed.
  • Perform cyber defense trend analysis and reporting.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Provide daily summary reports of network events and activity relevant to cyber defense practices.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Examine network topologies to understand data flows through the network.
  • Recommend computing environment vulnerability corrections.
  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
  • Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
  • Reconstruct a malicious attack or activity based on network traffic.
  • Identify network mapping and operating system (OS) fingerprinting activities.
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
  • Assist in the construction of signatures which can be implemented on cyber defense network tools.
  • Maintain documentation of the validation process for CJI systems accounts and reconcile reports.
  • Monitor security system reports for accuracy.
  • Maintain network diagram to include all communication paths, circuits, and other components.
  • Reconcile user lists in Mobile Device Management (MDM) software.
  • Reconcile active and inactive user accounts.

Knowledge, Skills and Abilities

Required Candidate Skills, Knowledge, and Proficiencies:

  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of encryption algorithms.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of vulnerabilities related to Windows, Linux, embedded, and database systems.
  • Knowledge of host/network access control mechanisms (e.g., access control list).
  • Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of information technology (IT) security principles and methods, such as firewalls, demilitarized zones, and encryption.
  • Knowledge of network access, identity, and access management.
  • Knowledge of network protocols such as TCP/IP, DHCP, DNS, and directory services.
  • Knowledge of network traffic analysis methods.
  • Knowledge of security system design tools, methods, and techniques.
  • Knowledge of Virtual Private Network (VPN) security.
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Skill in developing and deploying signatures.
  • Knowledge of countermeasures for identified security risks.
  • Skill in assessing security controls based on cybersecurity principles and tenets.
  • Knowledge of network mapping and recreating network topologies.
  • Skill in using protocol analyzers and performing packet-level analysis.
  • Skill in using incident handling methodologies.
  • Knowledge of common adversary TTPs in assigned area of responsibility.
  • Knowledge of common network tools and the ability to interpret their results.
  • Knowledge of defense-in-depth principles and network security architecture.
  • Knowledge of how to use network analysis tools to identify vulnerabilities.
  • Knowledge of cyber defense policies, procedures, and regulations.
  • Knowledge of the common attack vectors on the network layer.
  • Knowledge of different classes of attacks.
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored]).
  • Knowledge of basic system administration, network, and operating system hardening techniques.
  • Knowledge of Compliance Frameworks.
  • Knowledge of Common Vulnerability Scoring System (CVSS).
  • Knowledge of general kill chain.
  • Knowledge of Windows/Unix ports and services.
  • Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • Must be able to demonstrate the ability to utilize root cause analysis problem solving skills and/or models to reduce/minimize/eliminate repetitive technical problems while working alone or in team settings.


Preferred Knowledge, Skills, and Abilities:

  • Verifiable experience in the task of utilizing and integrating security telemetry.
  • Verifiable experience in the task of installing, configuring, operating, and maintaining Security Orchestration, Automation, and Response (SOAR) systems.
  • Currently hold a GSEC: GIAC Security Essentials Certification.
  • Currently hold a Cisco Certified CyberOps Associate certification.
  • Currently hold a CompTIA Cybersecurity Analyst (CySA+) certification.
  • Currently hold a GCIH: GIAC Certified Incident Handler Certification.
  • Currently hold a CyberSec First Responder (CFR) certification.

Open Requirements/Supplemental Information

Previous Experience Required:

  • Five or more years of verifiable experience in information security as a Network Security Analyst.
  • Three or more years of verifiable experience monitoring, configuring, analyzing, and responding to SIEM, NSM, Next-Generation Firewalls (NGFW), IDS, Intrusion Prevention Systems (IPS), Host-Based Intrusion Detection Systems (HIDS), Host-Based Intrusion Prevention Systems (HIPS), Endpoint Detection and Response (EDR) alerts, anti-virus alerts, and reports.
  • Three or more years of verifiable experience monitoring, configuring, and analyzing Vulnerability Management System (VMS).
  • Three or more years of verifiable experience responding to incidents as part of an Incident Response (IR) team.
  • Three or more years of verifiable experience working in a team environment.

Additional Requirements:

  • Must be able to conduct research and effectively collaborate with outside entities and agencies regarding current best practices in information security covering defensive, offensive, and intelligence practices.
  • Must maintain existing knowledge and skills through continuing education.
  • Must have a personal standard of high attention to detail in all work tasks.
  • Must work well as part of a team and/or as an individual depending on the task at hand.
  • Must be flexible with changing, and often unexpected, work demands to meet the operational needs of the agency.
  • Must be able to adhere to the Core Values of the agency: Worthy of Trust, Respect for Each Other, Community Focused, and Always Improving.
  • Must exhibit a commitment to continuous improvement to eliminate waste, improve the work experience for all employees, and perfect our ability to add value to our services for our customers.
  • Must adhere to all written directives of the Jacksonville Sheriff’s Office.


USD $83,539.00/Yr.

