Burns & McDonnell Information Security Specialist - Information Technology (Multiple Locations) in Conshohocken, Pennsylvania
The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats and provides cybersecurity governance for the company. Burns & McDonnell is rapidly transitioning to cloud infrastructure, applications, and services. Information Security needs a Staff Information Security Specialist focusing on cloud security. The Information Security Specialist provides cybersecurity subject matter expertise and performs Information Security functions of protecting the company.
Conduct security risk assessments of cloud-based applications and services that are currently used, or may potentially be used, by the company, rank security risks, and articulate risk in terms of business impact.
Collaborate with the business on cloud-based applications and services evaluated with high risk to propose alternate solutions, compensating controls, or risk reduction strategies.
Collaborate with individual employees using overly permissive cloud-based applications to mitigate the risk of company data exposure.
Analyze Burns & McDonnell cloud infrastructure environments for cybersecurity risks and provide mitigation recommendations to relevant IT architecture, engineering, and operational teams.
Perform security verification of configuration and settings for Burns & McDonnell cloud infrastructure environments and Software as a Service (SaaS) solutions.
Provide advice and guidance in implementing Information Security policies, standards, and requirements applicable to cloud security.
Conduct exercises to validate the effectiveness of cloud-related cybersecurity controls.
Provide oversight to remediate cloud-related security findings identified through internal audits, external audits, penetration testing or vulnerability scanning.
Identify and recommend improvements to the company cybersecurity capabilities.
Lead assigned Information Security initiatives and projects.
Assist with responding to cyber threats associated with cloud infrastructure, applications, and services.
All other duties as assigned.
Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. Applicable years of experience may be substituted for the degree requirement.
Minimum 8 years of experience (4 years in Information Security preferred).
Information security certification preferred.
Highly effective oral and written communication skills with the ability to convey security concepts and risks to non-technical personnel
Demonstrated knowledge of securing cloud environments and applying cloud security controls
Demonstrated knowledge of cloud architectures (preferably Azure and AWS), integration of SaaS solutions, and cloud-based applications
Demonstrated knowledge of security risk analysis and assessments
Demonstrated knowledge of applying security testing methods
Demonstrated knowledge of MITRE ATT&CK framework and emerging cybersecurity threats
Demonstrated knowledge of investigating cloud-related threats and applying computer forensics principles
Demonstrated knowledge of applying network operations and protocols
Demonstrated knowledge of one or more programming/scripting languages (preferably PowerShell)
Demonstrated knowledge of security policies and standards
Primary Location US-MO-Kansas City
Other Locations US-AZ-Phoenix, US-TX-Houston, US-NC-Raleigh, US-FL-Orlando, US-CT-Wallingford, US-CA-Brea, US-VA-Norfolk, US-GA-Atlanta, US-MN-Minneapolis/St Paul, US-IL-Chicago, US-PA-Conshohocken, US-SC-Greenville
Req ID: 221546