Burns & McDonnell Jobs

Job Information

Burns & McDonnell Information Security Specialist - Information Technology (Multiple Locations) in Wallingford, Connecticut


The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats and provides cybersecurity governance for the company. Burns & McDonnell is rapidly transitioning to cloud infrastructure, applications, and services. Information Security needs a Staff Information Security Specialist focusing on cloud security. The Information Security Specialist provides cybersecurity subject matter expertise and performs Information Security functions of protecting the company.

  • Conduct security risk assessments of cloud-based applications and services currently used, or may be potentially used, by the company, rank security risks, and articulate risk in terms of business impact.

  • Collaborate with the business on cloud-based applications and services evaluated with high risk to propose alternate solutions, compensating controls, or risk reduction strategies.

  • Collaborate with individual employees using overly permissive cloud-based applications to mitigate the risk of company data exposure.

  • Analyze Burns & McDonnell cloud infrastructure environments for cybersecurity risks and provide mitigation recommendations to relevant IT architecture, engineering, and operational teams.

  • Perform security verification of configuration and settings for Burns & McDonnell cloud infrastructure environments and Software as a Service (SaaS) solutions.

  • Provide advice and guidance in implementing Information Security policies, standards, and requirements applicable to cloud security.

  • Conduct exercises to validate the effectiveness of cloud-related cybersecurity controls.

  • Provide oversight to remediate cloud-related security findings identified through internal audits, external audits, penetration testing or vulnerability scanning.

  • Identify and recommend improvements to the company cybersecurity capabilities.

  • Lead assigned Information Security initiatives and projects

  • Assist with responding to cyber threats associated with cloud infrastructure, applications, and services.

  • All other duties as assigned


  • Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. Applicable years of experience may be substituted for the degree requirement.

  • Minimum 8 years of experience (4 years in information Security preferred).

  • Information security certification preferred.

  • Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel

  • Demonstrated knowledge of securing cloud environments and applying cloud security controls

  • Demonstrated knowledge of cloud architectures (preferably Azure and AWS), integration of SaaS solutions, and cloud-based applications

  • Demonstrated knowledge of security risk analysis and assessments

  • Demonstrated knowledge of applying security testing methods

  • Demonstrated knowledge of MITRE ATT&CK framework and emerging cybersecurity threats

  • Demonstrated knowledge of investigating cloud-related threats and applying computer forensics principles

  • Demonstrated knowledge of applying network operations and protocols

  • Demonstrated knowledge of one or more programming/scripting language (preferably in PowerShell)

  • Demonstrated knowledge of security policies and standards


Job Security

Primary Location US-MO-Kansas City

Other Locations US-AZ-Phoenix, US-TX-Houston, US-NC-Raleigh, US-FL-Orlando, US-CT-Wallingford, US-CA-Brea, US-VA-Norfolk, US-GA-Atlanta, US-MN-Minneapolis/St Paul, US-IL-Chicago, US-PA-Conshohocken, US-SC-Greenville

Schedule: Full-time

Travel: No

Req ID: 221546