Senior Information Security Analyst

Description

The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats with focus on continually reducing cybersecurity risk for the company.

The Senior Information Security Analyst functions as a subject matter expert in evaluating the overall security posture. They will assess and identify vulnerabilities, analyze risks, and recommend solutions to mitigate these risks.

Responsibilities

• Risk Assessment: Conduct regular assessments of the organizations cybersecurity measures to identify vulnerabilities and risks.
• Monitoring and Analysis: Use various tools to monitor networks and systems for security breaches or intrusions. Analyze security breaches to understand their root causes.
• Incident Response: Play a key role in responding to security incidents and breaches, including assisting with investigations and remediation efforts.
• Reporting: Prepare detailed reports on security issues, such as breach incidents, current risk status, and improvement recommendations.
• Policy Development Support: Assist in developing and updating the organizations security policies and procedures based on the findings and evolving threat landscape.
• Training: Perform security awareness training program related to phishing campaigns.
• All other duties as assigned.
  
  

• Bachelors degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field.
• Minimum 8 years of experience in Information Security.
• Information Security certification (CISSP, GSEC, Security )
• Demonstrated expert knowledge with two or more Information Security technologies such as EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP
• Broad understanding of network and security protocols such as, DNS, SPF/DKIM/DMARC, SSL/TLS, TCP/UDP, IPSec.
• Experience with CIS Critical Security Controls, OWASP Top 10, and MITRE ATT&CK framework.
• Demonstrated knowledge and experience of securing cloud environments such as Azure, AWS, and GCP.
• Broad experience and familiarity with Information Technology such as routers, load balancers, web application gateways, PKI, and Active Directory.
• Demonstrated knowledge of compliance frameworks (ISO 27001, SOC 2, NIST, FedRAMP, etc.).
• Demonstrated ability to evaluate cybersecurity risk and propose risk mitigations to technical and non-technical audiences.
• Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel.