The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats with focus on continually reducing cybersecurity risk for the company. The Senior Information Security Analyst functions as a subject matter expert in evaluating the overall security posture. They will assess and identify vulnerabilities, analyze risks, and recommend solutions to mitigate these risks. Responsibilities : Risk Assessment: Conduct regular assessments of the organization's cybersecurity measures to identify vulnerabilities and risks. Monitoring and Analysis: Use various tools to monitor networks and systems for security breaches or intrusions. Analyze security breaches to understand their root causes. Incident Response: Play a key role in responding to security incidents and breaches, including assisting with investigations and remediation efforts. Reporting: Prepare detailed reports on security issues, such as breach incidents, current risk status, and improvement recommendations. Policy Development Support: Assist in developing and updating the organization's security policies and procedures based on the findings and evolving threat landscape. Training: Perform security awareness training program related to phishing campaigns. All other duties as assigned. - Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. Minimum 8 years of experience in Information Security. Information Security certification (CISSP, GSEC, Security+) Demonstrated expert knowledge with two or more Information Security technologies such as EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP Broad understanding of network and security protocols such as, DNS, SPF/DKIM/DMARC, SSL/TLS, TCP/UDP, IPSec. Experience with CIS Critical Security Controls, OWASP Top 10, and MITRE ATT&CK framework. Demonstrated knowledge and experience of securing cloud environments such as Azure, AWS, and GCP. Broad experience and familiarity with Information Technology such as routers, load balancers, web application gateways, PKI, and Active Directory. Demonstrated knowledge of compliance frameworks (ISO 27001, SOC 2, NIST, FedRAMP, etc.). Demonstrated ability to evaluate cybersecurity risk and propose risk mitigations to technical and non-technical audiences. Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel.
