Cloud Security Analyst

at Kimley-Horn
Published February 8, 2024
Location Dallas, TX
Category Default  
Job Type Full-time  

Description

Overview:

Kimley-Horn, one of Fortune Magazines 100 Best Companies to Work For, is looking for a Cloud Security Analyst to join the Information Security team. As a Cloud Security Analyst, you will play a critical role in ensuring the security of our organization's technology infrastructure and assets. You will be responsible for ensuring the security of our cloud infrastructure and applications, as well as identifying and mitigating security risks.

Responsibilities:

  • Familiarity with Azure SSO integration and SCIM automated user provisioning
  • Experience with IAM / Modern Authentication / Identity tooling is a plus (e.g., ServiceNow, MFA, Security Token, OAUTH, Azure AD conditional access, Azure, AWS, etc.)
  • Working knowledge of security risk oversight, CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), and technical security vulnerability remediation/mitigation
  • Practical experience analyzing cloud infrastructure vulnerability data to understand and communicate risks, concerns, and outcomes of decisions
  • Accountable for tracking application vulnerabilities through security tools and meeting with development teams to formulate remediation plans
  • Prepare reports detailing metrics and KPIs of the security program and tools
  • Meet regularly with development teams to address compliance, SDLC, and OWASP standards
  • Familiar with the Infrastructure as Code and desired state concepts including tools such as Terraform, Salt, Chef, Puppet etc.
  • Broad knowledge of web standards relating to APIs (OAuth, SSL, CORS, JWT, etc.)
  • Proficiency in scripting and programming languages like Python, PowerShell, or Bash
  • Conduct thorough investigations of security incidents to determine the root cause and impact
  • Proactively identify potential security vulnerabilities and weaknesses in the system and recommend appropriate remediation actions
  • Participate in tabletop exercises and simulations to test and improve incident response plans
  • Prepare detailed incident reports, documenting the findings, actions taken, and lessons learned

Qualifications:

  • Bachelors degree in information security, cybersecurity, or a related field
  • 4+ years of experience with Azure DevOps, application penetration testing, or a similar role within an enterprise-level organization
  • Implementing and automating security tools (SecDevOps) to enable secured SDLC and CI/CD pipelines
  • Solid understanding of incident response methodologies, tools, and frameworks
  • Experience with change-management policies and procedures
  • Excellent problem-solving skills and the ability to think critically under pressure
  • Strong communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders

Desired Skills:

  • Relevant certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or Azure certifications
  • Experience performing penetration tests against web applications
  • Experience developing security automation tooling
  • Experience working with common security protocols, encryption, server technologies, modern authentication, and cloud app authorization architectures
  • Familiarity with query languages, advanced queries, and penetration testing tools
  • Knowledge of the MITRE ATT&CK framework or NIST Cyber Security Framework (CSF)
Only registered members can apply for jobs.