This role provides hands-on technical expertise across all security assessment and documentation activities for the Florida Department of Environmental Protection (DEP). It focuses on evaluating system controls, reviewing how data and access are managed, and ensuring the technical accuracy of all deliverables. The role supports policy development, system security planning, and data flow analysis to help the Department strengthen its security posture. 

Expanded Responsibilities 

• Lead the development of System Security Plans (SSPs) for all required applications. 

• Review and assess key security controls, including how users log in, how multi-factor authentication works, how privileged accounts are managed, how activity is logged, and how systems are scanned and configured for security. 

• Provide technical input to help create clear and accurate user access policies and procedures. 

• Analyze how data moves between systems and applications to support the development of accurate data flow documentation. 

• Verify the technical accuracy of all documents and reports prepared by other team members. 

• Recommend improvements to technical security policies, such as multi-factor authentication, vulnerability management, and change management. 

• Participate in assessments, interviews, and discussions with system owners and IT staff to understand how systems operate and how controls are implemented. 

• Support technical working sessions both remotely and onsite as needed. 

Required & Preferred Qualifications 

• Experience: 

• Bachelor’s or Master’s in Computer Science, Cybersecurity, Information Technology, or Information Security. Degrees in related technical fields like Engineering (Computer/Electrical), Information Assurance, or Data Analytics are also relevant. 

• 5+ years in cybersecurity architecture, cloud security, IAM, and technical control design. 

• Experience writing SSPs for moderate/high impact systems. 

• Familiarity with Azure services, logging, MFA platforms, IAM, RBAC, SIEM tools, and secure configurations is preferred. 

• Certifications: CISSP, CISA, Security+ (CISSP strongly preferred). 

• Other Requirements: 

• Proven ability to translate technical controls into NIST CSF and Florida 60GG-2 compliance language. 

• Strong technical writing skills. 

Note: 

(All personnel reside within 50 miles of the Florida Capitol building and maintain at least 1 year of working knowledge of the Florida Cybersecurity Act (§282.318 F.S.) and Florida Cybersecurity Standards (60GG-2), as required for meeting DEP timelines and deliverables.) 

All personnel meet or exceed DMS/ACS labor category requirements under SIN 54151HACS & 54151S. 

Work arrangement: 80% remote / 20% onsite for scheduled syncs, workshops, interviews, and deliverable reviews.