Information Security Analyst

Kimley-Horn - Raleigh, NC

posted 3 months ago

Full-time
Onsite - Raleigh, NC
Professional, Scientific, and Technical Services

About the position

Kimley-Horn, recognized as one of Fortune Magazine's “100 Best Companies to Work For,” is seeking an Information Security Analyst to join our dedicated Information Security team in Raleigh, NC. In this pivotal role, you will be responsible for safeguarding our organization's technology infrastructure and assets. This position is not remote, emphasizing the importance of collaboration and direct engagement with our team and stakeholders. As an Information Security Analyst, you will utilize advanced vulnerability assessment tools and techniques to identify and evaluate potential threats to our systems. Your expertise will be crucial in developing and maintaining integrations between various vulnerability assessment and reporting solutions, ensuring that our security measures are both effective and efficient. In addition to vulnerability assessments, you will be tasked with identifying new threat tactics, techniques, and procedures employed by cyber threat actors. Implementing and managing data loss prevention measures will be a key responsibility, as you work to maintain the security and integrity of sensitive data across the organization. Proactive engagement in threat hunting activities will allow you to search for potential threats within our enterprise environment, contributing to a culture of cyber mindfulness that extends beyond the workplace. You will also play a vital role in understanding the cyber risks faced by the business and developing educational strategies and programs to inform and educate our staff. Tracking application vulnerabilities through security tools and collaborating with internal teams to formulate effective remediation plans will be essential to your success in this role. Additionally, you will partner with the Compliance team to monitor and review changes in applicable regulations, ensuring that necessary adjustments are implemented promptly. Conducting thorough investigations of security incidents to determine root causes and impacts will be part of your responsibilities, as will participating in tabletop exercises and simulations to test and enhance our incident response plans.

Responsibilities

  • Utilizes advanced vulnerability assessment tools and techniques to discover and assess potential threats
  • Develops and maintain integrations between vulnerability assessment solutions, vulnerability reporting solutions, and related solutions as needed
  • Identify new threat tactics, techniques and procedures used by cyber threat actors
  • Implementing and managing data loss prevention measures to maintain the security and integrity of sensitive data
  • Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment
  • Support the growth of our culture of cyber mindfulness both inside and outside the workplace
  • Understand cyber risks to the business and develop educational strategies and programs to educate the firm
  • Accountable for tracking application vulnerabilities through security tools and meeting with internal teams to formulate remediation plans
  • Partner with the Compliance team to monitor and review any changes in applicable regulations and ensure any necessary changes are implemented in a timely manner
  • Conduct thorough investigations of security incidents to determine the root cause and impact
  • Participate in tabletop exercises and simulations to test and improve incident response plans

Requirements

  • Bachelor's degree in information security, cybersecurity, or a related field
  • 3+ years of experience with Information Security, Risk Management, Compliance or a similar role within an enterprise-level organization
  • Professional IT certifications relating to IT Security such as Security+, OSCP, GIAC Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), or other relevant security certifications
  • Experience with enterprise vulnerability reporting tools
  • Experience in designing and engineering data protection solutions
  • Experience managing medium to large projects involving multiple teams in a technical lead role
  • Experience with change-management policies and procedures
  • Strong communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders

Nice-to-haves

  • Knowledge and experience with data management security
  • Experience with the risk management process
  • Familiarity with vulnerability management
  • Familiarity with the phases of penetration testing as well as experience with remediation
  • Experience with Purview or similar tools is a plus
  • Knowledge of the MITRE ATT&CK framework or NIST Cyber Security Framework (CSF)

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service