Description
The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats and provides cybersecurity governance for the company. Burns & McDonnell is rapidly transitioning to cloud infrastructure, applications, and services. Information Security needs a Staff Information Security Specialist focusing on cloud security. The Information Security Specialist provides cybersecurity subject matter expertise and performs Information Security functions of protecting the company.
- Conduct security risk assessments of cloud-based applications and services that are currently used, or may potentially be used, by the company, rank security risks, and articulate risk in terms of business impact.
- Collaborate with the business on cloud-based applications and services evaluated with high risk to propose alternate solutions, compensating controls, or risk reduction strategies.
- Collaborate with individual employees using overly permissive cloud-based applications to mitigate the risk of company data exposure.
- Analyze Burns & McDonnell cloud infrastructure environments for cybersecurity risks and provide mitigation recommendations to relevant IT architecture, engineering, and operational teams.
- Perform security verification of configuration and settings for Burns & McDonnell cloud infrastructure environments and Software as a Service (SaaS) solutions.
- Provide advice and guidance in implementing Information Security policies, standards, and requirements applicable to cloud security.
- Conduct exercises to validate the effectiveness of cloud-related cybersecurity controls.
- Provide oversight to remediate cloud-related security findings identified through internal audits, external audits, penetration testing or vulnerability scanning.
- Identify and recommend improvements to the company cybersecurity capabilities.
- Lead assigned Information Security initiatives and projects
- Assist with responding to cyber threats associated with cloud infrastructure, applications, and services.
- All other duties as assigned
Qualifications
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. Applicable years of experience may be substituted for the degree requirement.
- Minimum 8 years of experience (4 years in Information Security preferred).
- Information security certification preferred.
- Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel
- Demonstrated knowledge of securing cloud environments and applying cloud security controls
- Demonstrated knowledge of cloud architectures (preferably Azure and AWS), integration of SaaS solutions, and cloud-based applications
- Demonstrated knowledge of security risk analysis and assessments
- Demonstrated knowledge of applying security testing methods
- Demonstrated knowledge of MITRE ATT&CK framework and emerging cybersecurity threats
- Demonstrated knowledge of investigating cloud-related threats and applying computer forensics principles
- Demonstrated knowledge of applying network operations and protocols
- Demonstrated knowledge of one or more programming/scripting languages (preferably PowerShell)
- Demonstrated knowledge of security policies and standards
EEO/Minorities/Females/Disabled/Veterans
Job Security
Primary Location US-MO-Kansas City
Other Locations US-AZ-Phoenix, US-TX-Houston, US-NC-Raleigh, US-FL-Orlando, US-CT-Wallingford, US-CA-Brea, US-VA-Norfolk, US-GA-Atlanta, US-MN-Minneapolis/St Paul, US-IL-Chicago, US-PA-Conshohocken, US-SC-Greenville
Schedule: Full-time
Travel: No
Req ID: 221546