Information Security Analyst

Information Security Analyst

At JH Kelly
, we’re seeking a proactive, detail-oriented, and results-driven analyst to join our IT team and strengthen our security posture across the organization. If you thrive in a fast-paced environment, excel at identifying and driving remediation of vulnerabilities, enjoy leading security initiatives with measurable outcomes, possess strong technical and collaboration skills, and have a solid background in information security and auditing, this is your opportunity to contribute to a legacy construction leader.

Celebrating over a century of excellence, JH Kelly is a fourth-generation, family-owned construction powerhouse known for tackling complex commercial and heavy industrial projects. With offices in Vancouver, Longview, Seattle, Bellingham, WA, and Milwaukie, OR, we’re an industry leader fueled by an award-winning team committed to safety, quality, and a dynamic, tight-knit culture.

$80,000–$105,000 (DOE) FLSA exempt.

• Comprehensive Medical/Vision/Rx – Dental/Ortho Coverage: JH Kelly pays 87.5% of total premiums.
• Paid Vacation and Holidays: Generous PTO model to support work-life balance.
• 401K: 50% company match on the first 6% of employee contributions.
• Life Insurance, AD&D, STD & LTD: Paid 100% by JH Kelly.
• Annual Performance Bonuses: Opportunity for additional compensation based on performance.
• Profit Sharing: Participate in JH Kelly’s profit‑sharing program. Averaging 9% of total compensation over the past 10 years.

• Own the vulnerability management lifecycle: discovery, scanning, validation, risk scoring, prioritization, remediation coordination, verification, and reporting of closure metrics.
• Identify vulnerabilities and misconfigurations across endpoints, servers, networks, cloud services, identity systems, and business applications; validate findings to reduce false positives.
• Partner with system owners and IT team members to drive remediation activities, track progress, remove blockers, and confirm resolution through rescans and control validation.
• Establish and maintain remediation SLAs/targets by severity and help prioritize work based on business risk and exposure.

• Administer and continuously improve security tools.
• Tune detections and workflows to reduce noise, improve signal, and ensure actionable alerting and response processes.

• Lead or coordinate internal and third-party security assessments, including penetration tests and remediation follow-up, security audits, configuration reviews, and control validation.
• Maintain audit readiness by ensuring security controls are documented, implemented, and verifiable; support evidence gathering and audit responses in collaboration with IT leadership.

• Develop and run disaster recovery and incident response exercises in partnership with IT Infrastructure leadership.
• Assist with incident response as needed: triage, investigation support, containment recommendations, documentation, lessons learned, and corrective action tracking.
• Maintain and improve security runbooks and escalation paths for security events.

• Lead internal phishing campaigns and security awareness initiatives; analyze outcomes and drive improvements through training, process changes, and technical controls.
• Create targeted training and communications based on observed risk patterns.

• Develop and maintain security policies, standards, and procedures.
• Translate technical findings into practical policies and guidance; partner with stakeholders to ensure adoption.

• Lead and deliver security projects end-to-end.
• Work closely with IT team members and other departments to remediate findings and improve systems safely and effectively.
• Provide transparent, actionable reporting to IT leadership: risk trends, remediation status, program maturity improvements, and measurable outcomes.

• Experience: 3–…