Information Security Analyst

Region: Americas
Location: Bellevue, Washington, United States


Work closely with IT, cloud operations, and business teams to identify information security risks to the business and drive solutions for effective risk management. Support the administration of K2’s information security risk management framework related to security and general IT controls. Maintain security controls and security compliance, and work with IT, operations, and development teams on remediation and mitigation of findings. Appropriate level will be determined based upon experience and knowledge.
What you’ll be doing as a member of our team:
  • Assist in providing internal security advisory services regarding information security requirements, security policy/standards, security architecture, threat modeling, and ongoing maintenance of the information security risk management program, including policies, procedures, technical systems, compliance, and risk assessment activity
  • Identify security exposures that currently exist or are emerging, and that create potential threats to K2’s infrastructure, systems or data
  • Analyze and assess vulnerabilities in the infrastructure (software, hardware, networks), investigate available tools and countermeasures to mitigate the detected vulnerabilities, and recommend solutions and best practices
  • Participate in periodic system audits, risk assessments, vulnerability assessments, and third-party security reviews to ensure that business partners, applications, networks, and infrastructure components adhere to security standards and policies
  • Assist with the remediation of local security issues and, if necessary, act as point of contact for K2’s security risk management activities
  • Contribute, as a team member, to all other risk, security, and privacy initiatives and services as appropriate
  • Work with auditors and vendors to support security and privacy maturity development
  • Research and evaluate current or emerging security technologies to support organizational security objectives
  • Assist or help conduct investigations into information security incidents, assist in root cause analysis and corrective/preventative actions, and recommend mitigation techniques
  • Assist in promoting awareness of security issues across the company
  • Execute and monitor security processes and events on a regular basis
  • Participate in the creation of information security documents (policies, standards, baselines, and work instructions)
  • Assist with analysis, development, and implementation of processes, procedures, and tools to enable continuously auditable compliance with regulatory standards
  • Contribute timely recommendations to effectively solve problems, using independent judgment consistent with standards, practices, policies, procedures, regulations, and/or law
  • Assist with evaluating the security controls and practices across the company; identify, analyze and mitigate risks as appropriate
  • Manage incident response process to ensure proper escalation, analysis and resolution of security incidents


What you’ll bring to the table:
  • Three to five years of experience in information security risk and compliance with a broad knowledge of network, cloud, and distributed server hardware and software solutions
  • Experience performing cyber security risk assessment, treatment planning and reporting
  • Foundational understanding of risk management and IT concepts and principles
  • Understanding of security management and/or information risk and compliance processes and industry frameworks (ISO27001, NIST, COBIT)
  • Additional familiarity with compliance certification (SSAE 16, ISO27001, Safe Harbor / Privacy Shield, GDPR, etc.) is recommended
  • CISSP, CISA, CISM, CIPP highly preferred; other technical security certifications beneficial
  • Experience with incident response procedures
  • General and functional knowledge of hardware and software products that enhance the security of systems such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
  • Must possess basic knowledge of network, cloud, and distributed server hardware and software
  • Proven, broad, in-depth technical knowledge of security principles and process
  • Basic knowledge of security architecture models and principles with the ability to advise IT applications teams
  • Evangelize security principles and good business practices to business and IT areas to improve security risk posture
  • Strong analytical, problem solving, and communication skills
  • Ability to work nights and weekends as needed to investigate and resolve security incidents
  • Ability to lift network and security equipment, sometimes in excess of 40 lb
  • Some international travel may be required
  • Ability to pass a pre-employment background check
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire
How to apply:

For more information about this position or to apply, send your resume to with “Information Security Analyst” in the subject line.