Information Security Analyst

Kimley-Horn - Dallas, TX

posted 3 months ago

Full-time
Onsite - Dallas, TX
Professional, Scientific, and Technical Services

About the position

Kimley-Horn, recognized as one of Fortune Magazine's “100 Best Companies to Work For,” is seeking an Information Security Analyst to join our dedicated Information Security team in the Dallas, TX office. This position is pivotal in safeguarding our organization's technology infrastructure and assets. As an Information Security Analyst, you will be responsible for identifying and mitigating potential security threats, ensuring compliance with regulations, and fostering a culture of cyber mindfulness within the organization. This role is not remote, emphasizing the importance of collaboration and teamwork in our security efforts. In this role, you will utilize advanced vulnerability assessment tools and techniques to discover and assess potential threats to our systems. You will develop and maintain integrations between various vulnerability assessment and reporting solutions, ensuring that our security measures are robust and effective. Your expertise will be crucial in identifying new threat tactics, techniques, and procedures employed by cyber threat actors, allowing us to stay ahead of potential risks. You will also implement and manage data loss prevention measures to protect sensitive data, proactively engage in threat hunting activities, and support the growth of our cyber mindfulness culture. Understanding the cyber risks to our business will enable you to develop educational strategies and programs that inform and empower our team members. You will be accountable for tracking application vulnerabilities through security tools and collaborating with internal teams to formulate effective remediation plans. Additionally, you will partner with the Compliance team to monitor and review changes in applicable regulations, ensuring timely implementation of necessary changes. Conducting thorough investigations of security incidents to determine root causes and impacts will be a key part of your responsibilities, as will participating in tabletop exercises and simulations to test and improve our incident response plans.

Responsibilities

  • Utilizes advanced vulnerability assessment tools and techniques to discover and assess potential threats.
  • Develops and maintain integrations between vulnerability assessment solutions, vulnerability reporting solutions, and related solutions as needed.
  • Identify new threat tactics, techniques and procedures used by cyber threat actors.
  • Implementing and managing data loss prevention measures to maintain the security and integrity of sensitive data.
  • Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.
  • Support the growth of our culture of cyber mindfulness both inside and outside the workplace.
  • Understand cyber risks to the business and develop educational strategies and programs to educate the firm.
  • Accountable for tracking application vulnerabilities through security tools and meeting with internal teams to formulate remediation plans.
  • Partner with the Compliance team to monitor and review any changes in applicable regulations and ensure any necessary changes are implemented in a timely manner.
  • Conduct thorough investigations of security incidents to determine the root cause and impact.
  • Participate in tabletop exercises and simulations to test and improve incident response plans.

Requirements

  • Bachelor's degree in information security, cybersecurity, or a related field.
  • 3+ years of experience with Information Security, Risk Management, Compliance or a similar role within an enterprise-level organization.
  • Professional IT certifications relating to IT Security such as Security+, OSCP, GIAC Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), or other relevant security certifications.
  • Experience with enterprise vulnerability reporting tools.
  • Experience in designing and engineering data protection solutions.
  • Experience managing medium to large projects involving multiple teams in a technical lead role.
  • Experience with change-management policies and procedures.
  • Strong communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

Nice-to-haves

  • Knowledge and experience with data management security.
  • Experience with the risk management process.
  • Familiarity with vulnerability management.
  • Familiarity with the phases of penetration testing as well as experience with remediation.
  • Experience with Purview or similar tools is a plus.
  • Knowledge of the MITRE ATT&CK framework or NIST Cyber Security Framework (CSF).

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service