Threat Intelligence

SCOPE OF WORK/JOB CHARACTERISTICS: The IT Risk Compliance Director shall provide on-demand cybersecurity staff augmentation services to support the Department in proactively identifying, analyzing, and mitigating cybersecurity risks across its enterprise environment. The IT Risk Compliance Director services shall include, but are not limited to:

• Conduct comprehensive vulnerability assessments using industry-standard tools and methodologies;
• Perform penetration testing using a structured approach progressing from passive to active techniques;
• Identify and analyze Indicators of Compromise (IOCs), unauthorized access attempts, and data exfiltration risks;
• Manage misconfigurations and insecure network services;
• Apply and interpret Common Vulnerability Scoring System (CVSS) for risk prioritization;
• Conduct threat hunting activities to detect active or persistent threats within enterprise environments; and
• Provide incident response support, including containment, eradication, and recovery recommendations., "I the undersigned do hereby certify, under the penalty of perjury, that information in my resume submitted for consideration of the State of Florida contract position is true, correct, complete, and made in good faith to the best of my knowledge and belief. If an omission, falsification, misstatement, or misrepresentation has been made regarding my education, work ability, experience, employment history, and/or fitness for employment as a contractor, I may be disqualified as a contractor, and the matter will be reported to appropriate agency or law enforcement personnel. I understand that there may be civil and/or criminal penalties for misrepresenting pertinent information in connection with contract positions, including, but not limited to, penalties available under sections 287.133 or 817.566, Florida Statutes. I further understand that if I am not a United States citizen, violation cases may be reported to the US Department of Homeland Security for potential deportation."

"In addition, I the undersigned do hereby consent to the release of my information by employers, educational institutions, law enforcement agencies, and other individuals and organizations to investigators and other authorized agents of Florida for verification and investigation purposes. I understand that any documents submitted to procure a contract(s) with the State of Florida, including resumes, are public records."

NOTE: This position is designated as "essential staff" and is expected to report for duty when instructed to do so in times of emergency or potential emergency as required by Section 33-208.002(4), Florida Administrative Code (F.A.C.) NOTE: In addition to the above list, the selected Candidates must successfully complete a Level II Background Check. Submissions Must Include

• Candidate Resume(s) Include relevant experience, certifications, education, etc. related to the services requested in the Scope of Services.
• Knowledge, Skills, and Abilities Matrix
• References
• Exhibit E - Resume Self-Certification Form
• All selected candidates are required to complete the Department's Security Awareness Training within 30 calendar days of hire.

Must Complete the following Education, Experience, and Skills Matrices Education Degree / Date of Graduation University / School A bachelor's or master's degree from an accredited college or university in Computer Science, Information Systems, or other related field, Equivalent Experience Years of Experience Or four (4) years of equivalent work experience is required. Relevant experience may be substituted for education on a year-for-year basis when applicable.

Preferred Relevant Industry Certifications Certification # / Date of Certification Certifier Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) Global Information Assurance Certification (GIAC) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA)

Required Experience, Skills, and/or Knowledge Years of Experience Year Skills Last Used Demonstrated experience providing cybersecurity services for large, complex enterprise environments, preferably within government or criminal justice agencies; Proven track record delivering threat hunting, vulnerability assessments, penetration testing (internal and external), and incident response services; Experience supporting environments subject to Criminal Justice Information Services (CJIS) Security Policy requirements; Ability to provide advisory services, including cybersecurity strategy, governance, risk, and compliance (GRC), and remediation planning; Minimum five (5) or more years of hands-on cybersecurity experience in one or more of the following: threat hunting and threat intelligence, penetration testing and ethical hacking, vulnerability management, and Incident response and digital forensics; and Demonstrated experience operating in both offensive security roles (e.g., red team, penetration testing) and defensive security roles (e.g., Security Operations Center [SOC], blue team, and incident response).

Preferred Qualifications

• Experience conducting red team and adversarial simulation exercises;
• Ability to support cybersecurity roadmap development and maturity assessments;
• Experience integrating with client Managed Service Providers (MSPs) and internal IT teams.