Description
We are one of the first work-from-anywhere companies with 2,000+ team members utilizing our virtual office called eXp World. This role is work-from-anywhere in the U.S.
Who is eXp?
Doing the audacious is part of eXp Realty’s DNA. We are a company that rewards creative minds who can offer bold solutions, where opinions matter, anything is possible and the outcome can be revolutionary. As a global full-service real estate brokerage utilizing a 3-D, fully immersive, cloud office environment, offering 24/7 access to collaborative tools & training, eXp has broken the traditional mold of real estate. We are doing big things.
Come join us at eXp Realty – a 7x Glassdoor Best Places to Work organization!
What you will do:
As an IT Security Analyst, you will take a hands-on approach to safeguarding eXp’s infrastructure by implementing, configuring, and maintaining security systems.
Your role will focus on monitoring, analyzing, and resolving security events and vulnerabilities while ensuring the integrity and security of cloud-based systems and applications. You will manage technical security solutions, conduct system assessments, and work closely with IT teams to enhance eXp’s overall security posture.
This role demands technical expertise, attention to detail, and a passion for identifying and mitigating cyber threats in a rapidly evolving cloud environment.
How you will make an impact:
System Security Configuration:
- Implement, configure, and maintain security tools, including firewalls, endpoint detection & response (EDR) systems, intrusion detection/prevention systems (IDS/IPS), and cloud security solutions.
- Configure and monitor AWS security services such as Security Hub, GuardDuty, Inspector, and IAM policies.
- Administer Google Workspace security configurations, including email security, DLP rules, and third-party integrations.
Threat Management:
- Investigate, analyze, and respond to security incidents and alerts generated by SIEM and other monitoring tools.
- Perform threat hunting and validation activities to identify potential risks.
- Manage vulnerability scanning tools, analyze findings, and coordinate remediation efforts with stakeholders.
Access Control and Auditing:
- Maintain and enforce access control policies across systems, ensuring adherence to the principle of least privilege.
- Conduct regular audits of user access, logging, and security configurations to meet compliance requirements.
Security Automation:
- Develop and optimize scripts and workflows to automate repetitive security tasks, such as log analysis and incident reporting.
- Integrate security tools with existing systems to streamline monitoring and response.
Security Documentation and Reporting:
- Create and maintain technical documentation for security tools, processes, and configurations.
- Produce regular security metrics reports, including findings from vulnerability scans, incident investigations, and compliance checks.
Collaboration and Training:
- Work with DevOps, IT, and engineering teams to embed security best practices into the development and deployment pipelines.
- Provide technical guidance and training on security tools and configurations to internal teams.
How you will grab our attention:
Must-Haves:
Education and Experience:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, OR equivalent professional experience.
- A minimum of 3 years of experience in IT security or a related technical role.
Technical Security Expertise:
- Hands-on experience configuring and managing security tools such as EDR, SIEM, IDS/IPS, and cloud security services.
- In-depth knowledge of AWS security features (IAM, GuardDuty, Security Hub, Inspector).
- Strong understanding of Google Workspace security settings, including email filtering, DLP, and MFA.
Incident Response and Analysis:
- Proven ability to analyze and respond to security incidents, investigate root causes, and recommend technical solutions.
- Experience working with logs and event data from security tools for incident triage.
Vulnerability Management:
- Expertise in conducting and analyzing vulnerability assessments and working with teams to address identified risks.
Automation Skills:
- Proficiency in scripting (e.g., Python, PowerShell) to automate security workflows and enhance operational efficiency.
Security Framework Knowledge:
- Familiarity with frameworks and standards such as NIST, CIS, or ISO 27001, and their technical application in IT environments.
Nice-to-Have:
- Experience implementing security within DevOps/CI-CD pipelines.
- Knowledge of container security tools like AWS EKS, Docker, or Kubernetes.
- Cloud penetration testing skills.
- Security certifications such as CISSP, AWS Certified Security – Specialty, CEH, or GCP Security Engineer.
If you think you’d make a great match for this position but don’t meet all the requirements, we would still encourage you to apply!
What eXp provides:
- Work from Anywhere
- Flexible Time Off for Salaried Employees
- 401k with 4% match (immediate vesting)
- Robust Medical, Dental, & Vision benefits
- Company provided equipment
- Monthly Technology Stipend
- FSA & HSA with employer contributions
- Health & Wellness incentives
- 100% Paid Parental Leave
EEO Statement:
We believe strongly in the value of diversity and creating supportive, inclusive environments where our colleagues can succeed. As such, eXp is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, ancestry, national origin, religion, or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, citizenship, or other protected characteristics under federal, state or local law.
