IT Security Analyst

Phillips & Jordan, Inc. (P&J), a Phillips Infrastructure Holdings, Inc. company, is a certified woman-owned, heavy civil and power infrastructure contractor established in 1952. P&J is a proven innovator, a proven leader, and a proven solution in the industry. We have built a reputation for taking on some of the most challenging, difficult projects and successfully completing them on, or even ahead of schedule. P&J employs a top-notch workforce, and we are always in need of new employees who are dependable professionals with experience in the construction industry. We are seeking safety conscious individuals who have a positive, can-do attitude, work well with others, and want to advance their careers.

Join the P&J team today and become a valued member of our company.

Job Summary: The Information Security Analyst is responsible for ensuring the security of our organization’s information systems. This role involves monitoring, analyzing, and responding to security incidents, developing security policies, and implementing security measures to protect against cyber threats. The Information Security Analyst will report to the Information Security Manager and work closely with other IT professionals and departments to maintain a robust security posture.

Key Responsibilities:

1. Security Monitoring and Incident Response:

o Continuously monitor security events and alerts from various sources.

o Analyze and investigate security incidents to determine their impact and root cause.

o Coordinate and execute incident response activities, including containment, eradication, and recovery.

o Document and report security incidents and findings to management.

2. Vulnerability Management:

o Conduct regular vulnerability assessments and penetration testing.

o Identify and prioritize security vulnerabilities and recommend remediation actions.

o Track and verify the implementation of security patches and updates.

3. Security Policy and Procedure Development:

o Develop, review, and update security policies, standards, and procedures.

o Ensure compliance with industry standards, regulations, and best practices.

o Conduct security awareness training for employees.

4. Security Architecture and Implementation:

o Design and implement security solutions to protect information systems and data.

o Evaluate and recommend security tools and technologies.

o Collaborate with IT teams to integrate security controls into system architectures.

5. Threat Intelligence and Risk Management:

o Stay informed about the latest security threats, vulnerabilities, and trends.

o Conduct threat intelligence analysis and provide actionable insights.

o Perform risk assessments and develop risk mitigation strategies.

6. Collaboration and Communication:

o Work closely with IT and other departments to address security issues and improve security posture.

o Provide guidance and mentorship to junior security staff.

o Communicate security-related information to stakeholders in a clear and concise manner.

7. Compliance and Audit:

o Ensure compliance with relevant regulatory requirements and industry standards.

o Support internal and external audits related to IT security.

o Maintain documentation and evidence for compliance purposes.

Required Qualifications:

· Minimum of 3 years of experience in IT security.

· Proficiency with Microsoft 365, Microsoft Azure, and CrowdStrike.

· Strong understanding of network security, firewalls, and intrusion detection/prevention systems.

· Excellent problem-solving and analytical skills.

· Strong communication and interpersonal skills.

Preferred Qualifications:

· Bachelor’s degree in Computer Science, Information Technology, or a related field.

· Relevant certifications such as CISSP, CISM, or CEH.

· Experience with other security tools and platforms.

· Knowledge of regulatory requirements and compliance standards.

Working Conditions:

· This position offers a hybrid work arrangement, typically involving three days in the office and two days working remotely each week. Please note that the schedule may be adjusted as necessary.

· This position will serve as the primary escalation point for all SOC incidents. High-priority escalations must be addressed immediately, 24/7/365. All other escalations can generally be handled during regular business hours.

· Travel is not generally required for this position, though it may be necessary on rare occasions.