Description
The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats with focus on continually reducing cybersecurity risk for the company. The Senior Information Security Analyst functions as a subject matter expert in evaluating the overall security posture. They will assess and identify vulnerabilities, analyze risks, and recommend solutions to mitigate these risks.
Responsibilities
- Risk Assessment: Conduct regular assessments of the organization's cybersecurity measures to identify vulnerabilities and risks.
- Monitoring and Analysis: Use various tools to monitor networks and systems for security breaches or intrusions.
- Analyze security breaches to understand their root causes.
- Incident Response: Play a key role in responding to security incidents and breaches, including assisting with investigations and remediation efforts.
- Reporting: Prepare detailed reports on security issues, such as breach incidents, current risk status, and improvement recommendations.
- Policy Development Support: Assist in developing and updating the organization's security policies and procedures based on the findings and evolving threat landscape.
- Training: Perform security awareness training program related to phishing campaigns.
- All other duties as assigned.
Qualifications
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field.
- Minimum 8 years of experience in Information Security.
- Information Security certification (CISSP, GSEC, Security )
- Demonstrated expert knowledge with two or more Information Security technologies such as EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP
- Broad understanding of network and security protocols such as, DNS, SPF/DKIM/DMARC, SSL/TLS, TCP/UDP, IPSec.
- Experience with CIS Critical Security Controls, OWASP Top 10, and MITRE ATT&CK framework.
- Demonstrated knowledge and experience of securing cloud environments such as Azure, AWS, and GCP.
- Broad experience and familiarity with Information Technology such as routers, load balancers, web application gateways, PKI, and Active Directory.
- Demonstrated knowledge of compliance frameworks (ISO 27001, SOC 2, NIST, FedRAMP, etc.).
- Demonstrated ability to evaluate cybersecurity risk and propose risk mitigations to technical and non-technical audiences.
- Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel.
This job posting will remain open a minimum of 72 hours and on an ongoing basis until filled.
Job Engineering
Primary Location India-Karnataka-Bengaluru
Schedule: Full-time
Travel: No
Req ID: 261395
Job Hire Type Experienced Not Applicable #BMI N/A
