Description

The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats and provides cybersecurity governance for the company. Burns & McDonnell is rapidly transitioning to cloud infrastructure, applications, and services. Information Security needs a Staff Information Security Specialist focusing on cloud security. The Information Security Specialist provides cybersecurity subject matter expertise and performs Information Security functions of protecting the company.

• Conduct security risk assessments of cloud-based applications and services currently used, or may be potentially used, by the company, rank security risks, and articulate risk in terms of business impact.

• Collaborate with the business on cloud-based applications and services evaluated with high risk to propose alternate solutions, compensating controls, or risk reduction strategies.

• Collaborate with individual employees using overly permissive cloud-based applications to mitigate the risk of company data exposure.

• Analyze Burns & McDonnell cloud infrastructure environments for cybersecurity risks and provide mitigation recommendations to relevant IT architecture, engineering, and operational teams.

• Perform security verification of configuration and settings for Burns & McDonnell cloud infrastructure environments and Software as a Service (SaaS) solutions.

• Provide advice and guidance in implementing Information Security policies, standards, and requirements applicable to cloud security.

• Conduct exercises to validate the effectiveness of cloud-related cybersecurity controls.

• Provide oversight to remediate cloud-related security findings identified through internal audits, external audits, penetration testing or vulnerability scanning.

• Identify and recommend improvements to the company cybersecurity capabilities.

• Lead assigned Information Security initiatives and projects

• Assist with responding to cyber threats associated with cloud infrastructure, applications, and services.

• All other duties as assigned

Qualifications

• Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. Applicable years of experience may be substituted for the degree requirement.

• Minimum 8 years of experience (4 years in information Security preferred).

• Information security certification preferred.

• Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel

• Demonstrated knowledge of securing cloud environments and applying cloud security controls

• Demonstrated knowledge of cloud architectures (preferably Azure and AWS), integration of SaaS solutions, and cloud-based applications

• Demonstrated knowledge of security risk analysis and assessments

• Demonstrated knowledge of applying security testing methods

• Demonstrated knowledge of MITRE ATT&CK framework and emerging cybersecurity threats

• Demonstrated knowledge of investigating cloud-related threats and applying computer forensics principles

• Demonstrated knowledge of applying network operations and protocols

• Demonstrated knowledge of one or more programming/scripting language (preferably in PowerShell)

• Demonstrated knowledge of security policies and standards

EEO/Minorities/Females/Disabled/Veterans

Job Security

Primary Location US-MO-Kansas City

Other Locations US-AZ-Phoenix, US-TX-Houston, US-NC-Raleigh, US-FL-Orlando, US-CT-Wallingford, US-CA-Brea, US-VA-Norfolk, US-GA-Atlanta, US-MN-Minneapolis/St Paul, US-IL-Chicago, US-PA-Conshohocken, US-SC-Greenville

Schedule: Full-time

Travel: No

Req ID: 221546

#LI-MG #COR