Information Security Analyst

Overview: Kimley-Horn, one of Fortune Magazines 100 Best Companies to Work For, is looking for an Information Security Analyst to join the Information Security team in our Raleigh, NC office. As an Information Security Analyst, you will play a critical role in securing our organization's technology infrastructure and assets. This is not a remote position. Responsibilities: Utilizes advanced vulnerability assessment tools and techniques to discover and assess potential threats Develops and maintain integrations between vulnerability assessment solutions, vulnerability reporting solutions, and related solutions as needed Identify new threat tactics, techniques and procedures used by cyber threat actors Implementing and managing data loss prevention measures to maintain the security and integrity of sensitive data Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment Support the growth of our culture of cyber mindfulness both inside and outside the workplace Understand cyber risks to the business and develop educational strategies and programs to educate the firm Accountable for tracking application vulnerabilities through security tools and meeting with internal teams to formulate remediation plans Partner with the Compliance team to monitor and review any changes in applicable regulations and ensure any necessary changes are implemented in a timely manner Conduct thorough investigations of security incidents to determine the root cause and impact Participate in tabletop exercises and simulations to test and improve incident response plans Qualifications: Bachelors degree in information security, cybersecurity, or a related field 3+ years of experience with Information Security, Risk Management, Compliance or a similar role within an enterprise-level organization Professional IT certifications relating to IT Security such as Security+, OSCP, GIAC Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), or other relevant security certifications. Experience with enterprise vulnerability reporting tools Experience in designing and engineering data protection solutions Experience managing medium to large projects involving multiple teams in a technical lead role Experience with change-management policies and procedures Strong communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders Desired Skills: Knowledge and experience with data management security Experience with the risk management process Familiarity with vulnerability management Familiarity with the phases of penetration testing as well as experience with remediation Experience with Purview or similar tools is a plus Knowledge of the MITRE ATT&CK framework or NIST Cyber Security Framework (CSF)

Created: 2024-10-28