Become Part of Our Team
As an industry leader, Balfour Beatty offers employees a comprehensive benefits package with competitive salaries and more, including:
- Medical, Dental, Vision and Life Insurance
- Health Savings Account
- 401(k) with company match
- Flexible Spending Accounts (Dependent & Medical Reimbursement)
- Vacation Time
- Sick Time
- Holidays
- Paid Volunteer time
- Tuition Assistance
- Employee Referral Bonus
Summary
Balfour Beatty is seeking an IT Security Analyst to join our Corporate Services team in Dallas, Texas. This is a hybrid position (3 days in the office, 2 days working from home). The IT Security Analyst is responsible for ensuring that the company's digital assets are protected from unauthorized access. This includes securing both online and on-premise infrastructures through metrics and data to filter out suspicious activity and finding and mitigating risks before breaches occur. They will then help to make the necessary changes for a more secure network and may also create training programs and modules to educate employees and users on proper security protocols. Furthermore, security analysts are responsible for keeping the company's security systems up to date and creating documentation and planning for all security-related information, including incident response and disaster recovery plans.
Essential Functions
- Ability to gather, interpret, document, and act on threat intelligence from multiple sources (including internal logs, external feeds, and open-source intelligence) to support proactive detection and response to emerging threats.
- Collaborate with vendors and leverage online resources to identify, understand, and document security threats, vulnerabilities, and exploits that could impact the enterprise environment.
- Coordinate response of security events that require urgent response, containment, and remediation
- Provide analysis on various security enforcement technologies including, but not limited to, authentication logs, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
- Maintain knowledge base (KB) and standard operating procedure (SOP) articles, and coordinate meetings to share information and document identified threats, mitigation strategies, and best practices across the team.
- Provide documented IT security recommendations and best practices for threat detection, operational processes, system configuration, and policy development, ensuring guidance is clear, actionable, and aligned with organizational standards.
- Monitor existing platforms for the latest IT security features, then coordinate implementation
- Perform IT Security incident investigations and reporting
- Assist with development and maintenance of IT security policies and audit configuration of existing technologies and platforms.
- Coordinate and document tabletop exercises and regularly test incident response plans, capturing lessons learned and recommendations to strengthen organizational readiness and response capabilities.
- Research emerging information security technologies, document findings, and present actionable recommendations for potential adoption and integration into the organization's security strategy.
- Perform miscellaneous duties as assigned.
Working Conditions
- The majority of the work is completed in an office setting at the Corporate Services main office.
- Hybrid work schedule (3 days in the office, 2 from home)
- Periodic to frequent travel required.
Education, Experience, and Knowledge
General
- Bachelor's degree in Information Technology, Cybersecurity, or Business Administration, combined with a minimum of 5 years of direct professional experience in the Information Security domain.
- Industry-recognized certifications such as CISSP, CISM, CEH, or Security+ are strongly preferred.
- Experience collaborating with Managed Detection and Response (MDR) providers and/or Managed Security Service Providers (MSSPs) to triage and respond to security incidents, analyze threat intelligence reports, and process Indicators of Compromise (IOCs) across hybrid environments.
- Experience implementing and supporting NIST and CMMC cybersecurity frameworks, including control mapping, audit preparation, and reporting activities aligned with compliance requirements.
- Time management skills, operational reporting, and cross-functional communication, all essential for coordinating with internal teams and external partners such as MSSPs, auditors, and compliance stakeholders.
- Ability to gather, interpret, and act on threat intelligence from multiple sources (internal logs, external feeds, open-source intelligence).
- Ability to produce clear, actionable written reports and IT security recommendations tailored to technical and non-technical audiences, including executive stakeholders, auditors, and compliance teams
- Proven ability to rapidly adapt to evolving technologies and threat landscapes, with a continuous learning mindset toward emerging tools, platforms, and cybersecurity methodologies.
- Previous experience serving as an escalation point for IT security incidents, including participation in after-hours on-call rotations to support urgent threat response and remediation activities.
- TCP/IP knowledge and understanding of network infrastructure: firewalls, routers, switches, load balancers, remote access technology (VPN).
- Strong ability to troubleshoot complex technical issues, lead root cause analysis investigations, and manage support queues to ensure timely resolution and continuous improvement of security operations.
- Working knowledge of the CIS (Center for Internet Security) Top 20 Critical Security Controls, with practical application in risk mitigation, compliance alignment, and security posture improvement.
- Understanding of global data privacy regulations, including GDPR, CCPA, and other applicable frameworks, with practical experience supporting policy implementation, user data protection, and regulatory reporting
- Experience conducting IT security audits and supporting compliance initiatives, including security control assessments, evidence collection, and remediation tracking.
- Experience conducting third-party vendor cyber assessments.
Technical
- MITRE ATT&CK framework familiarity for mapping adversary tactics
- Proactive threat hunting using behavioral analytics and threat intel feeds
- Familiarity with DLP technologies
- Experience encoding/decoding Base64
- Familiarity with REST APIs for integrating security tools, automating workflows, and retrieving threat intelligence data.
- Able to read and understand packet level data
- Microsoft Office 365, Entra ID, and Intune administration
- Entra ID passthrough authentication
- Microsoft Entra Connect
- Entra ID security log analysis
- Entra ID conditional access policies
- Ability to script in Python and PowerShell
- Mobile device compliance and configuration policy management
- Experience with Amazon Web Services administration
- Experience with vulnerability scans and pen testing
- Enterprise messaging systems:
  - Experience with On-prem Exchange and Exchange Online administration
  - Message header analysis and message trace
  - TLS encryption and mail transport rules
  - Whitelist / blacklist management for threat mitigation
  - Experience with email hygiene products such as Google, Proofpoint, Barracuda, or Symantec
  - Configuration of DMARC, DKIM, SPF, and MX DNS records
- Understanding of Microsoft Windows platforms including:
  - Active Directory user and group management, GPO configuration, and domain services
  - Windows security architecture and terminology
  - Privilege escalation techniques
  - Common mitigation controls and system hardening
- Endpoint Protection
  - Experience with monitoring and administration of a commercial endpoint AV solution
  - Ability to identify common false positives and make suggestions on tuning whitelists, policies, and rules
  - Experience creating endpoint protection policies
  - Log auditing and analysis
  - Operating system hardening to reduce attack surface, including patching, privileged access reviews, and recommendations for disabling unnecessary applications and services
- Malware
  - Ability to identify phishing email, analyze malicious URL threats, and decode encrypted HTML attachments (base64)
  - Set up isolated systems to detonate malicious payloads
  - Understanding of malware mitigation controls in an enterprise environment.
Balfour Beatty US is an industry-leading provider of general contracting, at-risk construction management and design-build services for public and private sector clients across the nation. Performing heavy civil and vertical construction, our teams build the unique structures and infrastructure that play an important role in how people live, work, learn and play in our communities. Our teammates have an instinctive passion for innovating that is fueled by a relentless curiosity, a drive to employ lean practices and processes and the determination to find a better way. Through Zero Harm, we are challenging the construction industry's assumptions about safety. We believe that no level of harm should come to anyone as a result of our business. Consistently ranked among the nation's largest building contractors by Engineering News-Record, our US business is a subsidiary of London-based Balfour Beatty plc (LSE: BBY). Balfour Beatty is an equal opportunity employer that recognizes the value of a diverse workforce. All qualified individuals will receive consideration for employment without regard to race, color, age, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, genetic information, or any other criteria protected by federal, state or local law.
Accessibility: If you need an accommodation as part of the employment process, please contact Human Resources at:
Phone: (214) 468-4700
Email: BBTalent@balfourbeattyus.com
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
View your Equal Employment Opportunity rights under the law: "Know Your Rights" Poster, Pay Transparency Notice