IT Security Analyst jobs in United States

Balfour Beatty plc · 2 days ago

IT Security Analyst

Balfour Beatty is seeking an IT Security Analyst to join our Corporate Services team in Dallas, Texas. The IT Security Analyst is responsible for ensuring that the company's digital assets are protected from unauthorized access and for securing both online and on-premise infrastructures through metrics and data to filter out suspicious activity and mitigate risks before breaches occur.

Commercial · Construction · Environmental Engineering · Infrastructure · Smart Building · Sustainability

Responsibilities

Ability to gather, interpret, document, and act on threat intelligence from multiple sources—including internal logs, external feeds, and open-source intelligence—to support proactive detection and response to emerging threats
Collaborate with vendors and leverage online resources to identify, understand, and document security threats, vulnerabilities, and exploits that could impact the enterprise environment
Coordinate response of security events that require urgent response, containment, and remediation
Provide analysis on various security enforcement technologies including, but not limited to, authentication logs, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
Maintain knowledge base (KB) and standard operating procedure (SOP) articles, and coordinate meetings to share information and document identified threats, mitigation strategies, and best practices across the team
Provide documented IT security recommendations and best practices for threat detection, operational processes, system configuration, and policy development, ensuring guidance is clear, actionable, and aligned with organizational standards
Monitor existing platforms for latest IT Security features, then coordinate implementation
Perform IT Security incident investigations and reporting
Assist with development and maintenance of IT security policies and audit configuration of existing technologies and platforms
Coordinate and document tabletop exercises and regularly test incident response plans, capturing lessons learned and recommendations to strengthen organizational readiness and response capabilities
Research emerging information security technologies, document findings, and present actionable recommendations for potential adoption and integration into the organization’s security strategy
Perform miscellaneous duties as assigned

Qualifications

CISSP · Cybersecurity frameworks · Threat intelligence analysis · Incident response · Vulnerability scanning · Penetration testing · TCP/IP knowledge · Microsoft Office 365 · AWS administration · Cross-functional communication · Root cause analysis · Time management · Continuous learning · Team collaboration

Required

Bachelor's degree in Information Technology, Cybersecurity, or Business Administration, combined with a minimum of 5 years of direct professional experience in the Information Security domain
Proven ability to rapidly adapt to evolving technologies and threat landscapes, with a continuous learning mindset toward emerging tools, platforms, and cybersecurity methodologies
Previous experience serving as an escalation point for IT security incidents, including participation in after-hours on-call rotations to support urgent threat response and remediation activities
TCP/IP knowledge and understanding of network infrastructure: firewalls, routers, switches, load balancers, remote access technology (VPN)
Strong ability to troubleshoot complex technical issues, lead root cause analysis investigations, and manage support queues to ensure timely resolution and continuous improvement of security operations
Working knowledge of the CIS (Center for Internet Security) Top 20 Critical Security Controls, with practical application in risk mitigation, compliance alignment, and security posture improvement
Understanding of global data privacy regulations, including GDPR, CCPA, and other applicable frameworks, with practical experience supporting policy implementation, user data protection, and regulatory reporting
Experience conducting IT security audits and supporting compliance initiatives, including security control assessments, evidence collection, and remediation tracking
Experience conducting third-party vendor cyber assessments

Preferred

Industry-recognized certifications such as CISSP, CISM, CEH, or Security+ are strongly preferred
Experience collaborating with Managed Detection and Response (MDR) providers and/or Managed Security Service Providers (MSSPs) to triage and respond to security incidents, analyze threat intelligence reports, and process Indicators of Compromise (IOCs) across hybrid environments
Experience implementing and supporting NIST and CMMC cybersecurity frameworks, including control mapping, audit preparation, and reporting activities aligned with compliance requirements
Ability to produce clear, actionable written reports and IT security recommendations tailored to technical and non-technical audiences, including executive stakeholders, auditors, and compliance teams
MITRE ATT&CK framework familiarity for mapping adversary tactics
Proactive threat hunting using behavioral analytics and threat intel feeds
Familiarity with DLP technologies
Experience encoding/decoding Base64
Familiarity with REST APIs for integrating security tools, automating workflows, and retrieving threat intelligence data
Able to read and understand packet level data
Microsoft Office 365, Entra ID, and Intune administration
Experience with Amazon web services administration
Experience with vulnerability scans and pen testing
Enterprise messaging systems: experience with on-prem Exchange and Exchange Online administration; message header analysis and message trace; TLS encryption and mail transport rules; whitelist / blacklist management for threat mitigation; experience with email hygiene products such as Google, Proofpoint, Barracuda, or Symantec; configuration of DMARC, DKIM, SPF, and MX DNS records
Understanding of Microsoft Windows platforms including: Active Directory user and group management, GPO configuration, and domain services; Windows security architecture and terminology; privilege escalation techniques; common mitigation controls and system hardening
Endpoint Protection: experience with monitoring and administration of a commercial endpoint AV solution; ability to identify common false positives and make suggestions on tuning whitelists, policies, and rules; experience creating endpoint protection policies; log auditing and analysis; operating system hardening to reduce attack surface, including patching, privileged access reviews, and recommendations for disabling unnecessary applications and services
Malware: ability to identify phishing email, analyze malicious URL threats, and decode encrypted HTML attachments (base64); set up isolated systems to detonate malicious payloads; understanding of malware mitigation controls in an enterprise environment

Benefits

Medical, Dental, Vision and Life Insurance
Health Savings Account
401(k) with company match
Flexible Spending Accounts (Dependent & Medical Reimbursement)
Vacation Time
Sick Time
Holidays
Paid Volunteer time
Tuition Assistance
Employee Referral Bonus

Company

Balfour Beatty plc

Balfour Beatty is a leading international infrastructure group.

Funding

Current Stage: Public Company
Total Funding: unknown
IPO: 2001-06-18

Leadership Team

Philip Hoare
Group Chief Executive
Company data provided by crunchbase