Information Security Analyst - Red Team

The Nature Conservancy

Arlington, Virginia

Job Type Permanent
Salary Details Competitive

About Us

Since 1951, The Nature Conservancy has been doing work you can believe in protecting the lands and waters that all life depends on. As a science-based organization, we create innovative, on-the-ground solutions to our world’s toughest challenges so that we can create a world in which people and nature thrive.

We’re rooted in our Mission and guided by our Values, which includes a Commitment to Diversity and Respect for People, Communities, and Cultures. We know we’ll only achieve our Mission by hiring and engaging a diverse workforce that reflects the communities in which we work. Whether it’s career development, work/life balance, or a rewarding mission, there’s lots of reasons to love life #insideTNC. Our goal is to cultivate an inclusive work environment so that all of our colleagues around the globe feel a sense of belonging, and that their unique contributions to our mission are valued.

Position Summary

The Information Security Analyst is responsible for supporting information security and risk management activities centered around system and network security.

You’ll be a member of the Red Team - Auditors and Testers. This team searches for risks in TNC's systems and works with technical teams to close them. They also work with technical teams to establish standards and secure baselines for technology and operations

Responsibilities and Scope

  • The Information Security Analyst (ISA) is responsible for participating in information security-related activities. In pursuit of this mission, the ISA coordinates tactical information security activities with information technology and other staff in a complex, decentralized global organization.

The ISA performs the following activities:

  • Administer security testing of applications and platforms including vulnerability scanning and penetration testing.
  • Performs risk assessments on both internal and external/third party systems and services.
  • Identify and track IT asset vulnerabilities.
  • Communicate and coordinate with stakeholders to ensure completed remediation of vulnerabilities.

This position requires routine contact with IT as well as non-technical staff. This position reports to a Principal Information Security Analyst and supervises no staff.

  • Participate in technical security testing and analysis of proposed and existing technology solutions.
  • Maintain system and network inventory for internal and cloud-based resources.
  • Work with DevOps team(s) and Application Security team to maintain up to date versions of libraries or third-party code used in applications/websites.
  • Assist in design and conducting of red team/blue team activities.
  • Participate in development of technical security standards, particularly for networks, servers, and cloud platforms.
  • Provide advice and consultation for staff on information security-related policies, procedures, and best practices.
  • Write technical documentation for and deliver technical presentations to IT staff.
  • Conduct routine network scanning and assessment of results.

Desired Skills & Experience

  • Entry-level security certification such as Security+, GSEC, or Associate of (ISC)2.
  • Three years of experience in an information technology department in any combination of operations, development, data engineering, or support with some security focus.
  • Bachelor’s degree in relevant technical discipline and 3 years’ experience or equivalent combination.
  • Intermediate security certification such as AWS, GSEC, CSSP, SSCP, or CySA+,
  • Experience working in a decentralized global organization, supporting staff and/or systems located in multiple states and/or countries.
  • Experience with system administration, network administration, application development, and/or cloud administration (AWS or Azure).
  • Familiarity with and comfort performing process automation tasks using your choice of programming or scripting language(s).
  • Experience with network and host security auditing tools.
  • Understanding of MITRE ATT&CK Framework.
  • Experience with Kali Linux, Nessus, Tenable, or other sets of tools for vulnerability assessments.

To view the full position description and apply, please visit Search for job ID# 49566 in the keyword search. If you experience technical issues, please refer to our applicant user guide or contact

The Nature Conservancy is an Equal Opportunity Employer. Women, minorities, people with disabilities and veterans are encouraged to apply. Please visit our career center for a full list of all our open positions globally – new positions are posted often!

When you apply, please indicate that you are responding to the posting on Conservation Job Board.