Cybersecurity Analyst

Under the general supervision of the IT Director, the Cybersecurity Analyst is responsible for protecting the City of Sanibel’s information technology infrastructure, systems, and data from cybersecurity threats. This is a highly technical position within the City’s six-person Information Technology Department, providing cybersecurity services and support across all City departments, including the Wastewater Facility and the Sanibel Police Department. The Cybersecurity Analyst designs, implements, and manages security controls; conducts vulnerability assessments and risk analysis; monitors and responds to security incidents; and ensures regulatory compliance. Participates in departmental on-call after hours rotation.

The following duties are normal for this position. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The omission of specific statements of the duties does not exclude them from the classification if the work is similar, related, or a logical assignment for this classification. Other duties may be required and assigned. 

Security Program Administration:

• Develops, implements, and maintains the City's information security program, policies, standards, and procedures in accordance with industry best practices and applicable regulations, including processes for policy exceptions and non-compliance.
• Performs system security administration across designated technology platforms including operating systems, applications, and network security devices.
• Develops and maintains documentation for security systems, processes, and procedures.
• Works with IT Director and staff to ensure accountability for controls and understanding of responsibilities for risk mitigation, remediation, and compliance with security policies.

• Conducts or coordinates vulnerability scans and penetration/infiltration tests on City systems; documents findings and recommends risk mitigation strategies.
• Designs and implements a risk assessment strategy to include identification, mitigation options, remediation requirements, tracking, and management reporting.
• Performs threat and vulnerability assessments, followed where appropriate by remedial action, to ensure systems are protected from known and potential threats.
• Researches, designs, recommends, evaluates, and implements cybersecurity solutions that identify and/or protect against potential threats.
• Recommends, schedules, and applies security patches, fixes, and other measures required in the event of a security breach or vulnerability disclosure.

• Operates, administers, and monitors network and host-based intrusion detection/prevention systems.
• Analyzes network traffic, intrusion attempts, activity logs, and system alerts for trends, anomalies, and potential security breaches.
• Responds to and reports unresolved network security exposures, misuse of resources, or non-compliance situations using defined escalation processes.
• Provides direction and oversight of the Incident Response process; tracks and escalates security issues to resolution.
• Develops scripts, tools, and procedures to automate scans, assessments, and other monitoring and discovery activities.

• Ensures ongoing compliance with applicable cybersecurity frameworks, regulatory requirements, and organizational policies including those applicable to the Police Department (CJIS/FDLE) and Wastewater Facility (OT/ICS environments).
• Assists with the coordination and management of security awareness training, business continuity, and disaster recovery plans.
• Assists in the design and implementation of disaster recovery plans for operating systems, databases, networks, servers, and software applications.
• Coordinates work with outside vendors to facilitate ongoing cybersecurity systems and related functional work.

• Develops, reviews, implements, and maintains a security awareness program to mitigate human risks in the City’s operating environment.
• Assists other technical support staff in identifying and implementing appropriate security safeguards, including patch application and anti-malware strategies.
• Works directly with IT and City staff to identify opportunities for improved security tools and processes.
• Provides support to other IT staff and assists in problem resolution as needed.

• Provides end user computer, network, and hardware/software support for the City’s Windows operating systems users as workload permits.
• Responds to client inquiries concerning systems operation and diagnoses system hardware, software, and operator problems.

EDUCATION and/or EXPERIENCE

• High school diploma; and
• Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, Management Information Systems, Engineering, or a related field; and
• Three (3) years of current daily related cybersecurity or information security work experience; or
• An equivalent combination of education (Associate’s degree), training, relevant industry certification and exceptional cyber security experience in security operations, vulnerability management, incident response will be considered.   This track is intentionally narrow and exists solely to accommodate candidates with an exceptional, verifiable record of cybersecurity experience who have not followed a traditional academic path.

• Must possess and maintain a valid Florida Driver’s License, or ability to obtain within 30 days of hire or promotion. 
• Must have current *CISSP Certification or CISM at the time of hire or, ability to obtain within 2 years of hire as a condition of continued employment.   

The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

In-depth knowledge of cybersecurity principles, frameworks (e.g., NIST, CIS Controls), and industry best practices.
Knowledge of network security concepts including firewalls, IDS/IPS, VPN, and network segmentation.
Knowledge of vulnerability assessment and penetration testing tools and methodologies.
Knowledge of operating system security hardening for Windows and Linux environments.
Knowledge of security information and event management (SIEM) tools and log analysis.
Knowledge of regulatory compliance requirements relevant to local government, including CJIS security policy and applicable state and federal standards.
Knowledge and understanding of cloud security concepts and controls.
Knowledge and understanding of identity and access management (IAM) principles, including Active Directory and Azure AD.
Ability to conduct risk assessments and develop mitigation recommendations.
Ability to analyze network traffic and security logs to identify anomalies and potential threats.
Ability to develop and maintain security documentation, policies, and procedures.
Ability to communicate technical security concepts clearly to non-technical stakeholders.
Ability to read technical documentation to troubleshoot, evaluate, and implement new solutions.
Ability to develop and implement security awareness training for end users.
Skilled in scripting or automation (e.g., PowerShell, Python, Bash) for security monitoring and response tasks.
Ability to identify, analyze, and resolve complex technical problems.
Ability to establish and maintain effective working relationships and interact in a positive, professional manner with fellow staff, city vendors, and the public.
Ability to maintain organization, with attention to detail, listening, prioritization, and time management.
Ability to maintain confidentiality at all levels and forms when assignments involve access to or viewing of confidential information relative to any function of human resources, city, local, state or federal investigations (internal or external), or any otherwise sensitive information.
Ability to work on several projects or issues simultaneously.
Ability to work independently or in a team environment as needed.
Skilled oral and written communications for effective expression, issuing and receiving instructions, clarity in task assignment, and in the interest of public relations.