IT Security Analyst

Who We Are: 

We are honored to be named a Top Workplace by the Detroit Free Press for six consecutive years! Here at KL&A, we love what we do and believe that our employees are our greatest asset which is why we search for the best and brightest (and perhaps the most caffeinated) of the bunch. This is why our employees have the opportunity to work in an environment of their choosing: whether in the dynamic office environment, in your PJ bottoms at home, or a combination of the two.  

KL&A is an IT consulting firm that knocks the socks off our clients. We work closely with organizations across the United States to develop creative business solutions through project & program management and custom software applications so they can focus on what’s most important…their mission. 

Who You Are: 

You understand the importance of maintaining a secure digital environment while staying compliant with industry regulations. Your technical skills would make even the most formidable cyber threats think twice.  Equipped with a natural affinity for problem-solving, you identify and resolve security issues with a touch of creativity. You possess the drive to stay ahead of the curve in the ever-evolving world of information security, always ready to embrace the latest tools and techniques. The prospect of being part of a team that continuously learns and adapts excites you, and you're ready to help them take on challenges that require you to think strategically about risks. You’re the Shakespeare of documentation, writing anything from workflows to policies and procedures, ensuring that our security practices remain up-to-date and aligned with the latest industry standards. Your analytical skills are so sharp they could cut through a firewall...and they’ll allow you to evaluate and recommend improvements to our existing security policies and technical safeguards.  

About the Role: 

As a Security Analyst at KL&A, you'll be at the forefront of safeguarding our organization's vital assets and sensitive information. You will manage the day-to-day operations of our existing security solutions, ensuring they're up and running smoothly to keep our digital fortress secure. You will work with the internal IT, DevOps, and development teams to document all security processes, findings, and solutions, and maintain clear and organized records of security incidents and responses. You will also create comprehensive reports on security vulnerabilities, risks, and recommendations, as well as develop and update security documentation, including policies, guidelines, and procedures. In addition to all that, you'll have the important task of sharing your insights about risks and how to tackle them with our management team, who will rely on your expertise to make good business decisions. 

  • Must be legally authorized to work in the US without a current or future need for visa sponsorship 
  • Bachelor’s Degree or higher 
  • 2+ years of relevant experience in security functions, including risk management, information security, privacy or data protection or assurance-related function 
  • Experience creating and/or maintaining documentation, including but not limited to, workflows, processes, SOPs, Policy & Procedures, SSPs, etc.  
  • Experience monitoring changes in regulations and industry best practices to ensure KL&A’s risk management, compliance, and audit practices remain up-to-date and aligned with evolving requirements 
  • Experience reading CVE reports and understanding the impact on multiple business functions within the company 
  • Experience comparing, evaluating, and recommending improvements in policies, procedures, and technical safeguards to address significant risks to the security of KL&A information systems and data 
  • Ability to balance and adjust security decisions based on qualified data with an understanding of operational business risks versus security threats 
  • Ability to participate in the development of education and awareness efforts and the timely dissemination of security information to staff and end users 
  • At least one of the following certifications is required or must be obtained within your first 12 months of employment: MCSA, CCNA, CRISC, CISA, CISM, CISSP, GISA, GISP, or CIPP 
  • Proficient with MS Office products 
  • Must be self-motivated with a desire and drive to continuously learn and grow as a professional and as an individual 
  • Ability to think strategically about security risks and tie those to tactical organizational activities 
  • Strong presentation skills to brief IT management and/or other internal customers as required 
  • Must have excellent verbal and written communication skills (English) 
  • Ability to build good relationships with teams, and stakeholders at all levels (e.g. management, colleagues) using strong competencies to build trust, change perceptions, effectively communicate, influence, and understand the flow of sensitive data between systems and applications 
  • This role will work a hybrid remote schedule and should expect to work in the Okemos, MI office 2-3 days per week  

Bonus Skills: 

  • Experience serving as the escalation point for internal and external audits, including SOC-2, and collecting and preparing security information and event metrics. 
  • Experience with technical documentation related to NIST CSF, SOC-2 and continuous monitoring. 
  • Experience using tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework. 
  • Background in IT or Network Administration 

Compensation & Perks: 

  • Competitive salaries with bonus potential 
  • Three (3) weeks of paid vacation (prorated for first year) 
  • 40 days of paid sick time (prorated for first year) 
  • Paid parental leave 
  • Family building assistance (adoption reimbursement, IVF counseling, etc.) 
  • 401(k) with immediate employer match 
  • Workspace Customization Bonus 
  • Ongoing education and training reimbursement 
  • Employee recruiting incentives 
  • Monthly communication reimbursement 
  • Premium healthcare insurance, including medical, dental, and vision for individuals, families, and domestic partners 
  • Flexible Spending Accounts for dependent care and medical care 
  • Employer-paid group long-term disability and group life insurance 
  • Voluntary insurance options, such as pet, critical illness, AD&D, and life. 
  • Awesome co-workers! 

Work Environment 

Since the COVID-19 pandemic forced most of us to work remotely, KL&A has embraced the new flexible scheduling that was one of the microscopic lights at the end of the isolated tunnel. As a result, we are conducting all interviews virtually (get your Zoom background ready.) New employees have the option of being onboarded into a virtual, in-person, or hybrid work schedule and are provided the tools they need to begin employment successfully, regardless of location. 

Kunz, Leigh & Associates provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Kunz, Leigh & Associates complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. 

Kunz, Leigh & Associates expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Kunz, Leigh & Associates’ employees to perform their job duties may result in discipline up to and including discharge.