Short Description
Bowman has an opportunity for a Security Analyst III to join our team in Virginia.
Purpose
Serves as a senior member of the Information Security team and is responsible for advancing Bowman's cybersecurity posture through proactive monitoring, threat detection, incident investigation, and risk management. This role partners across IT, infrastructure, cloud, and business teams to protect sensitive information, strengthen security controls, and enable secure business operations while acting as a trusted security advisor.
Responsibilities
Leadership and Direction
- Serve as a subject matter resource for cybersecurity initiatives, projects, and operational activities.
- Mentor junior analysts and provide guidance during incident investigations and risk assessments.
- Lead or contribute to cross-functional security initiatives and continuous improvement efforts.
- Promote security awareness and risk-informed decision-making across the organization.
- Communicate security risks, findings, and recommendations to both technical and non-technical stakeholders.
At the Operational and Company Level
- Partner with IT, infrastructure, cloud, and business teams to identify and mitigate security risks.
- Support cybersecurity compliance initiatives, audits, and regulatory requirements.
- Conduct risk assessments and evaluate security controls against industry frameworks (e.g., NIST, CIS, ISO).
- Assist in developing and maintaining security policies, standards, procedures, and guidelines.
- Contribute to the organization's overall security program maturity and continuous improvement.
- Evaluate emerging threats, technologies, and digital transformation initiatives from a security perspective.
Do the Work
- Monitor and triage security alerts across enterprise systems, networks, endpoints, cloud platforms, and applications.
- Investigate and respond to security incidents, including phishing, malware, unauthorized access, and indicators of compromise.
- Lead complex incident investigations and coordinate response efforts with internal and external stakeholders.
- Develop and maintain incident response procedures, playbooks, and escalation processes.
- Support vulnerability management activities including validation, prioritization, and remediation tracking.
- Administer, tune, and optimize cybersecurity tools to improve detection and response capabilities.
- Develop detection logic, security use cases, and automated workflows to enhance operational effectiveness.
- Perform security testing, control validation, and risk assessments.
- Monitor cloud environments and SaaS platforms for security risks and suspicious activity.
- Maintain documentation of security investigations, controls, and operational metrics.
Success Metrics and Competencies
- Ability to work both independently and within a team environment.
- Highly motivated and problem-solving attitude.
- Strong sense of urgency in responding to constituents.
- Effective verbal and written communication skills.
- Strong work ethic and commitment to quality.
- Self-reliance and ability to operate independently with limited direction.
- Effective working relationship with internal leaders and peers, as well as external clients.
- Ability to effectively manage multiple time-sensitive tasks.
- Data analysis and interpretation skills.
- Demonstrates strong investigative and analytical capabilities in identifying and resolving security incidents.
- Effectively balances security requirements with business priorities.
- Improves detection, response, and overall security posture through continuous enhancement of tools and processes.
- Communicates complex technical concepts clearly to diverse audiences.
- Works independently while managing multiple priorities in a dynamic environment.
- Promotes collaboration, accountability, and a culture of security awareness.
- Maintains commitment to continuous learning and professional development.
Qualifications
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
- Five or more (5+) years of experience in cybersecurity, security operations, IT infrastructure, or related discipline.
- Experience investigating cybersecurity incidents, phishing campaigns, malware events, and unauthorized access attempts.
- Strong understanding of operating systems (Windows, Linux, macOS) and enterprise security principles.
- Working knowledge of networking, endpoint security, identity and access management, vulnerability management, and incident response.
- Experience supporting vulnerability assessments, remediation efforts, and security monitoring programs.
- Experience with enterprise security tools such as CrowdStrike, Microsoft Defender, Microsoft Sentinel, SIEM, EDR, vulnerability management, or identity security platforms.
- Familiarity with security frameworks such as NIST CSF, NIST 800-53, CIS Controls, or ISO 27001.
- Experience with cloud security and Microsoft security technologies.
- Preferred certifications: Security+, CySA+, CISSP, GIAC, Microsoft Security certifications, or equivalent.
- Strong analytical, problem-solving, and communication skills.
Salary and eligible variable compensation (if any) commensurate with experience. Range $41.00/hr - $53.00/hr and includes a comprehensive benefits package.
Our comprehensive benefits package includes:
- Medical, dental, vision, life, and disability insurance
- 401(k) retirement savings plan with company match
- Paid time off, sick leave, and paid holidays
- Tuition reimbursement and professional development support
- Discretionary bonuses and other performance-based incentives
- Employee Assistance Program (EAP), wellness initiatives, and employee discounts
Eligibility for certain benefits may vary based on position, location, and employment status.
Physical Demands and Working Environment
- Primarily indoor professional office environment which may include bright/dim light, noise, fumes, odors, and traffic.
- Mobility around an office environment.
- Frequent and prolonged use of standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
- May require after-hours or on-call support for incident response and critical security events.
- Occasional lifting or carrying up to 20 pounds.
- Occasional pushing or pulling up to 20 pounds.
- Occasional reaching outward or above shoulder.
Job Description Disclaimer
Note: While this job description is intended to be an accurate reflection of the job requirements, it is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Management reserves the right to modify, add, or remove duties from particular jobs and to assign other duties as necessary at any time with or without notice.