Information Security Analyst

At JH Kelly , we're seeking a proactive, detail-oriented, and results-driven Information Security Analyst to join our IT team and strengthen our security posture across the organization. If you thrive in a fast-paced environment, excel at identifying and driving remediation of vulnerabilities, enjoy leading security initiatives with measurable outcomes, possess strong technical and collaboration skills, and have a solid background in information security and auditing, this is your opportunity to contribute to a legacy construction leader. About Us Celebrating over a century of excellence, JH Kelly is a fourth-generation, family-owned construction powerhouse known for tackling complex commercial and heavy industrial projects. With offices in Vancouver, Longview, Seattle, Bellingham, WA, and Milwaukie, OR, we're an industry leader fueled by an award-winning team committed to safety, quality, and a dynamic, tight-knit culture. Learn more about our story at www.jhkelly.com Check out our job openings here: www.jhkelly.com/open-positions/

Salary Range:

$80,000-$105,000 (DOE) FLSA exempt. Benefits Package Comprehensive Medical/Vision/Rx -

Dental/Ortho Coverage:

JH Kelly pays 87.5% of total premiums.

Paid Vacation and Holidays:

Generous PTO model to support work-life balance. 401

K:

50% company match on the first 6% of employee contributions.

Life Insurance, AD&D, STD & LTD:

Paid 100% by JH Kelly.

Annual Performance Bonuses:

Opportunity for additional compensation based on performance.

Profit Sharing:

Participate in JH Kelly's profit-sharing program. Averaging 9% of total compensation over the past 10 years. Here's a deeper dive into your responsibilities: Vulnerability Management & Remediation Leadership Own the vulnerability management lifecycle: discovery, scanning, validation, risk scoring, prioritization, remediation coordination, verification, and reporting of closure metrics. Identify vulnerabilities and misconfigurations across endpoints, servers, networks, cloud services, identity systems, and business applications; validate findings to reduce false positives. Partner with system owners and IT team members to drive remediation activities, track progress, remove blockers, and confirm resolution through rescans and control validation. Establish and maintain remediation SLAs/targets by severity and help prioritize work based on business risk and exposure. Security Tooling Ownership & Program Execution Administer and continuously improve security tools. Tune detections and workflows to reduce noise, improve signal, and ensure actionable alerting and response processes. Security Assessment, Auditing, and Testing Lead or coordinate internal and third-party security assessments, including penetration tests and remediation follow-up, security audits, configuration reviews, and control validation. Maintain audit readiness by ensuring security controls are documented, implemented, and verifiable; support evidence gathering and audit responses in collaboration with IT leadership. Incident Preparedness, Response Support, and Resilience Develop and run disaster recovery and incident response exercises in partnership with IT Infrastructure leadership. Assist with incident response as needed: triage, investigation support, containment recommendations, documentation, lessons learned, and corrective action tracking. Maintain and improve security runbooks and escalation paths for security events. Security Awareness & Phishing Program Lead internal phishing campaigns and security awareness initiatives; analyze outcomes and drive improvements through training, process changes, and technical controls. Create targeted training and communications based on observed risk patterns. Policy, Standards, and Acceptable Use Documentation Develop and maintain security policies, standards, and procedures. Translate technical findings into practical policies and guidance; partner with stakeholders to ensure adoption. Cross-Team Collaboration & Security Project Leadership Lead and deliver security projects end-to-end. Work closely with IT team members and other departments to remediate findings and improve systems safely and effectively. Provide transparent, actionable reporting to IT leadership: risk trends, remediation status, program maturity improvements, and measurable outcomes.

What You Bring Experience:

3-6+ years of experience in information security, security operations, vulnerability management, IT auditing, or a closely related role. Demonstrated hands-on experience identifying and driving remediation of vulnerabilities and security findings across diverse environments. Experience supporting audits or compliance efforts (control testing, evidence collection, policy/standard documentation, risk assessment, remediation tracking, or audit readiness).

Auditing Background Requirement:

Proven experience in audit-related work (internal audit, external audit support, SOC evidence, control testing, or similar).

Education:

Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field OR equivalent combination of education and experience.

Skills & Mindset:

Strong understanding of security principles and controls. Ability to write clear, usable policy/procedure documentation and translate technical risk into business-impact language. Strong project coordination skills; ability to drive actions across teams and validate closure. Strong communication and collaboration skills; ability to influence and partner without direct authority. Preferred Qualifications Certifications (one or more preferred): Security+, CySA+, SSCP/CISSP (or associate), GIAC, CISA (highly preferred), vendor security certs. Experience with vulnerability management platforms. Experience with SIEM/log platforms and improving detection/response workflows. Experience building security awareness programs and phishing simulations with measurable outcomes. Familiarity with security standards and frameworks. Physical Requirements This office position requires the ability to sit for extended periods while working at a computer. Candidates must have the ability to perform repetitive tasks such as typing and using a mouse. Occasional standing, walking, bending, and reaching are necessary. The role also requires good manual dexterity and hand-eye coordination for handling office equipment weighing up to 20 pounds. The ability to communicate clearly and effectively, both verbally and in writing, is essential. The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.