Overview:
Kimley-Horn, one of Fortune Magazines 100 Best Companies to Work For, is looking for a
Cloud Security Analyst
to join the Information Security team in our
Dallas, TX
office. As a Cloud Security Analyst, you will play a critical role in ensuring the security of our organization's technology infrastructure and assets. You will be responsible for ensuring the security of our cloud infrastructure and applications, as well as identifying and mitigating security risks.
This is not a remote position.
Responsibilities:
Familiarity with Azure SSO integration and SCIM automated user provisioning
Experience with IAM / Modern Authentication / Identity tooling is a plus (e.g., ServiceNow, MFA, Security Token, OAUTH, Azure AD conditional access, AWS, etc.)
Working knowledge of security risk oversight, CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), and technical security vulnerability remediation/mitigation
Practical experience analyzing cloud infrastructure vulnerability data to understand and communicate risks, concerns, and outcomes of decisions
Accountable for tracking application vulnerabilities through security tools and meeting with development teams to formulate remediation plans
Prepare reports detailing metrics and KPIs of the security program and tools
Build automation to actively audit the infrastructure for security misconfigurations by using cloud-native policies/scripts
Work closely with the Product Engineering, Platform and Security Architecture teams to engineer and implement cloud security controls with a focus on DevSecOps
Ability to design and implement secrets management solutions in cloud environments, including hands-on experience in building out systems utilizing tools such as AWS Secrets Manager or Azure Key Vault
Experience in CI/CD pipeline using Jenkins, IaC like Terraform added advantage
Broad knowledge of web standards relating to APIs (OAuth, SSL, CORS, JWT, etc.)
Proficiency in scripting and programming languages like Python, PowerShell, or Bash
Conduct thorough investigations of security incidents to determine the root cause and impact
Proactively identify potential security vulnerabilities and weaknesses in the system and recommend appropriate remediation actions
Participate in tabletop exercises and simulations to test and improve incident response plans
Prepare detailed incident reports, documenting the findings, actions taken, and lessons learned
Qualifications:
Bachelors degree in information security, cybersecurity, or a related field
4+ years of experience with Azure DevOps, Azure Security, or a similar role within an enterprise-level organization
Strong scripting skills in PowerShell
Experience with infrastructure as code (IaC) concepts & being open to working with PowerShell+ DSC as your main IaC tool
Solid understanding of incident response methodologies, tools, and frameworks
Experience with change-management policies and procedures
Excellent problem-solving skills and the ability to think critically under pressure
Strong communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders
Desired Skills:
Relevant certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or Azure certifications
Experience working with common security protocols, encryption, server technologies, modern authentication, and cloud app authorization architectures
Familiarity with query languages, advanced queries, and penetration testing tools
Knowledge of the MITRE ATT&CK framework or NIST Cyber Security Framework (CSF)
Applicants must be legally authorized to work for Kimley-Horn in the U.S. without employer sponsorship. We do not typically sponsor H1-B or any other work visa petitions.
#J-18808-Ljbffr
