The Staff Cyber Security Specialist will lead internal and external network cyber vulnerability and firewall assessments. The ideal candidate will have expertise and experience successfully executing and reporting on the vulnerabilities and exploits utilized in penetrating networks. This will include making recommendations on vulnerability mitigation of computer systems and networks in corporate and secured environments. The staff cybersecurity specialist will provide the cybersecurity project manager with expertise in working with clients to establish rules of engagement, project plans, and schedules and provide status reports and documentation of findings and mitigations.
The candidate will work collaboratively with other groups and divisions inside of Burns & McDonnell. The ideal candidate should be detail oriented with good analytical and risk assessment skills and strong listening, written, and computer communication skills for reporting and auditing purposes. Candidates should have some or all of the following qualifications and experience.
- Conduct vulnerability assessments of critical electric infrastructure, for both compliance and security purposes.
- Perform detailed, post event analysis of unusual events, and direct needed procedure or process changes in response.
- Maintain knowledge of the cyber security capabilities of operating systems, networking devices, control systems, and vendor offerings.
- Maintain a broad knowledge of current and emerging state-of-the-art computer/network systems technologies, architectures, and products.
- Work methodically and analytically in a quantitative problem-solving environment.
- Resolve technical issues and the implications to the business and be able to communicate them with other operation departments within the business.
- Execute the planning, design, development and implementation of technical controls, procedures and policy associated with compliance to cyber security regulatory standards.
- Develop regulatory policies & procedures, secure process control network design, technical and design recommendations for the implementation of firewalls and other network security and compliance controls.
- Provide technical documentation of network traffic as well as firewall services/solutions including explanations and diagrams.
- Strong customer focus
- Excellent technical writing and oral communication skills
- Demonstrated ability to work on assigned projects with minimal supervision
- Experience executing penetration tests on wired and wireless networks
- Experience and/or familiarity with system security configurations for Windows and Linux systems
- Experience and/or familiarity with security configurations for switches, firewalls, intrusion detection systems, intrusion protection systems, and other network-attached devices
- Experience and familiarity with vulnerability assessment methodologies and information gathering tools such as Nessus, Wireshark, Nmap, and equivalents
- Associate’s or Bachelor’s degree in Cybersecurity, Information Technology, Management Information Systems (MIS), Computer Science, Computer Engineering, Electrical Engineering, or a related technical field with 3 years of appropriate experience or 7 years combined education and applicable experience
- Minimum of 5-7 years of technical hands-on experience with firewalls and other network technologies
- Understanding of security principles and good knowledge of cyber security technologies, backed up with suitable credentials or certifications.
- Experience with cyber security vulnerability assessments, penetration tests, and the tools/techniques involved in both.
- Experience in the capabilities and/or configuration of cyber security controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching and hotfix, logging.
- Strong analytical and critical thinking skills.
- Ability to operate under pressure and under tight deadlines, to operate in on-site industrial (Electric Power) work, and occasional night and weekend work.
- Demonstrated capability to make sound decisions based on good security practices and principles.
- Experience with corporate policies and procedures and/or technical writing skills.
- Experience with network routing, switching, and TCP/IP.
- Experience with physical cabling for network communications and control system I/O.
- CISSP certification (additional certifications with Cisco, VMWare, or Microsoft are a plus) Knowledge and understanding of the NIST SP 800 series, the NIST Cybersecurity Framework, SANS Institute Center for Internet Security 20 Critical Security Controls, PCI-DSS, HIPAA or other standards Previous systems administration experience Previous network engineering experience Experience working with personnel at all levels of an organization Ability to clear a 7-year background check.
US-MO-Kansas City, US-AZ-Phoenix, CA-AB-Calgary, US-TX-Houston, US-FL-Orlando, US-TX-Austin, US-GA-Atlanta, US-TX-Dallas, US-IL-Chicago
Yes, 50 % of the Time
212631 Job Hire Type