Cyber Security Analyst - Government Risk Compliance (Multiple Locations)

Description

The Cyber Security Analyst will support projects addressing Information Technology (IT) and Industrial Control System security. The Cyber Security Analyst supports the execution of projects consisting of network penetration testing, web application security testing, cybersecurity vulnerability assessments, secure system design and integration, and/or development of cybersecurity programs at client sites in a wide variety of industries utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other industry or data specific compliance frameworks and regulations.

• Assist with post-event analysis of unusual events and assist with direction of needed changes to procedures or processes in response.
• Assist with operational issues and implement design alterations to address these issues.
• Assist in technical issues, identify the implications to the business, and be able to communicate any impacts with other operational departments within the business.
• Attend industry specific technical conferences.
• Assist with the policies and procedures, secure process control network design, technical and design recommendations for the implementation of firewalls and other network security and compliance controls.
• Actively participate in a qualitative and quantitative problem-solving environment.
• Assist with technical documentation of network traffic as well as firewall services and solutions including explanations and diagrams.
• Assist with the planning, design, development and implementation of technical controls, procedures and policy associated with adherence to cybersecurity compliance and/or regulatory standards.
• Assist in penetration testing and vulnerability assessments of IT and Operational Technology (OT) networks for both compliance and security purposes.
• Collaborate with other groups and divisions inside Burns & McDonnell to provide cybersecurity services.
• Maintain highest level of integrity, protecting confidentiality and security of client and project information.
• Maintain knowledge of the cybersecurity capabilities of operating systems, networking devices, control systems, and vendor offerings.
• Pursue, obtain, and maintain industry recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others as necessary.

All other duties as assigned

Qualifications

• Bachelor’s degree required in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field. Applicable years of experience may be considered in lieu of degree requirement.
• Strong analytical and critical thinking skills.
• Candidates must be legally authorized to work in the United States on a full-time basis without requiring future sponsorship for employment visa status.
• General knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
• Effective written and oral communication skills.
• Knowledge of modern and legacy computer networking and telecommunications.
• Maintain a basic knowledge of current and emerging state-of-the-art computer and network systems technologies, architectures, and products.
• Ability to operate under pressure and under tight deadlines, to operate in on-site industrial, corporate, and government work.
• General knowledge of cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.
• Knowledge physical cabling for network communications and control system Input/Output.
• Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
• Internship experience preferred.
• Ability to obtain and maintain access to current and future client sites, including ability to obtain and maintain applicable U.S. security clearances.
• General knowledge of the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.
• Maintain a working knowledge of applicable cybersecurity standards involving control systems, including those relating to process networks.
• Basic understanding of cybersecurity principles and general knowledge of cybersecurity technologies, as well as industry recognized certifications.
• Demonstrated capability to make sound decisions based on good security practices and principles.

EEO/Minorities/Females/Disabled/Veterans

Job Security

Primary Location US-GA-Atlanta

Other Locations US-FL-Orlando, US-NC-Raleigh

Schedule: Full-time

Travel: Yes, 50 % of the Time

Req ID: 230856 Job Hire Type New Grad

\#LI-JB \#T&D N/A