**Description** The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats with focus on continually reducing cybersecurity risk for the company. The Senior Information Security Analyst functions as a subject matter expert in evaluating the overall security posture. They will assess and identify vulnerabilities, analyze risks, and recommend solutions to mitigate these risks. Responsibilities : + Risk Assessment: Conduct regular assessments of the organization's cybersecurity measures to identify vulnerabilities and risks. + Monitoring and Analysis: Use various tools to monitor networks and systems for security breaches or intrusions. Analyze security breaches to understand their root causes. + Incident Response: Play a key role in responding to security incidents and breaches, including assisting with investigations and remediation efforts. + Reporting: Prepare detailed reports on security issues, such as breach incidents, current risk status, and improvement recommendations. + Policy Development Support: Assist in developing and updating the organization's security policies and procedures based on the findings and evolving threat landscape. + Training: Perform security awareness training program related to phishing campaigns. + All other duties as assigned. **Qualifications** + Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or related field. + Minimum 8 years of experience in Information Security. + Information Security certification (CISSP, GSEC, Security ) + Demonstrated expert knowledge with two or more Information Security technologies such as EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP + Broad understanding of network and security protocols such as, DNS, SPF/DKIM/DMARC, SSL/TLS, TCP/UDP, IPSec. + Experience with CIS Critical Security Controls, OWASP Top 10, and MITRE ATT&CK framework. + Demonstrated knowledge and experience of securing cloud environments such as Azure, AWS, and GCP. + Broad experience and familiarity with Information Technology such as routers, load balancers, web application gateways, PKI, and Active Directory. + Demonstrated knowledge of compliance frameworks (ISO 27001, SOC 2, NIST, FedRAMP, etc.). + Demonstrated ability to evaluate cybersecurity risk and propose risk mitigations to technical and non-technical audiences. + Highly effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel. **Job** Engineering **Primary Location** India-Maharashtra-Mumbai **Schedule:** Full-time **Travel:** No **Req ID:** 251102 **Job Hire Type** Experienced Not Applicable #BMI N/A