Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
johnspass
Viewer
‎02-26-2023 12:40 AM
‎02-26-2023 12:40 AM

Information Security Analyst - Bechtel

Information Security Analyst

 

Click here to apply!

 

  • Telework Type: Part-Time Telework 
  • Work Location: The position will be based in Glendale (AZ), Reston (VA), Houston (TX) or Oak Ridge (TN).

Position Summary

The Bechtel Information Security & Compliance team is seeking a well-rounded information security analyst that has demonstrated experience and knowledge of cloud services, risk assessment methodologies and capable to conduct risk assessments for SaaS, PaaS, IaaS and other cloud-based services required by the business; viewing security holistically, applying risk management intelligently, using creative problem-solving techniques, and having the ability to work successfully with multidisciplinary teams. Applicants must be familiar with ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 2018 standards, Cloud Security Alliance CAIQ, FedRAMP, and NIST 800-53 controls, capable to clearly understand Penetration Test and Vulnerability Assessment reports, as well as associated mitigation and corrective actions, experience documenting and developing policies and procedures toward achieving compliance, and excellent communication skills. 

 

Responsibilities

  • Plan and conduct risk assessments of requested cloud services.
  • Document risk assessment reports, identifying and recommending corrective and mitigation actions, based on established information security requirements, and keep track of them.
  • Conduct periodic reviews and re-assessment of contracted cloud services.
  • Present cloud service risk assessments to service requestors and upper management and discuss required corrective and mitigation actions with the vendors. 
  • Provides security subject matter expertise and consultation to internal customers in regards of the use of cloud services
  • Evaluate and review the integration of cloud and on-prem (hybrid) systems while maintaining Bechtel high security requirements and standards. 
  • Development and implementation of information security policies, standards, procedures,
  • Work successfully with internal groups to provide guidance with available and approved information security technology.
  •  Working with Contracts, Procurement, and Legal on contractual requirements; recommend contract revisions, and recommendations to protect Bechtel's interests.
  • Provide excellent customer service to stakeholders and internal teams, including routine interactions/communication with internal customers, vendors, and other support staff. 
  • Maintain cloud security by monitoring and ensuring compliance to standards, policies, and procedures.
  • Ability to collaborate with other team members and multidisciplinary working groups.
  • Travel to Bechtel jobsites and offices as required.

 

Qualifications and Skills

Basic Qualifications

  • BS in a computer related field or 6 years of equivalent IT work experience. 
  • US Citizenship required. 
  • Strong information security background with deep understanding of information security frameworks and standards.
  • Information security risk management knowledge.

 

Additional Qualifications

  • 2+ years hands-on experience in 4 or more of the security domains listed below including: 
    • Cloud Services
    • Network Security Operations 
    • Incident Handling
    • Security Architectures
    • Identity and Access Management 
    • Disaster Recovery and Business Continuity 
    • Data encryption
    • Protection of PII and sensitive information
  • Experience working with Infrastructure as a Service (i.e. Azure, AWS, OCI).
  • Strong understanding of Windows, Linux, iOS, and Android.
  • Good knowledge of TCP/IP protocol stack, vulnerability assessment and scanning tools, endpoint security solutions, and audit logs from various platforms.
  • Knowledge of information security risk assessments and mitigation controls for on-prem and cloud services.
  • Familiarity with industry standards, guidelines and regulatory/ compliance requirements related to information security and cloud computing such as ISO 27001, Cloud Security Alliance (GSA), NIST 800-53, PCI DSS, SOC2, etc.
  • Ability to write and present business and technical reports. 
  • Understanding of IoT, Operational Technology (OT) networks and Industrial Control Systems (ICS).
  • GIAC, CISSP or CEH certifications is a plus.
Reply
2 Replies
Chawki
Viewer II
‎04-04-2023 01:42 PM
‎04-04-2023 01:42 PM

I'm interested ! @johnspass 

Reply
0 Kudos
jamensah2
Newcomer II
‎03-12-2023 01:37 AM
‎03-12-2023 01:37 AM

Interested

Reply
0 Kudos
johnspass
Viewer
‎02-26-2023 12:40 AM
‎02-26-2023 12:40 AM

Information Security Analyst - Bechtel

Information Security Analyst

 

Click here to apply!

 

  • Telework Type: Part-Time Telework 
  • Work Location: The position will be based in Glendale (AZ), Reston (VA), Houston (TX) or Oak Ridge (TN).

Position Summary

The Bechtel Information Security & Compliance team is seeking a well-rounded information security analyst that has demonstrated experience and knowledge of cloud services, risk assessment methodologies and capable to conduct risk assessments for SaaS, PaaS, IaaS and other cloud-based services required by the business; viewing security holistically, applying risk management intelligently, using creative problem-solving techniques, and having the ability to work successfully with multidisciplinary teams. Applicants must be familiar with ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 2018 standards, Cloud Security Alliance CAIQ, FedRAMP, and NIST 800-53 controls, capable to clearly understand Penetration Test and Vulnerability Assessment reports, as well as associated mitigation and corrective actions, experience documenting and developing policies and procedures toward achieving compliance, and excellent communication skills. 

 

Responsibilities

  • Plan and conduct risk assessments of requested cloud services.
  • Document risk assessment reports, identifying and recommending corrective and mitigation actions, based on established information security requirements, and keep track of them.
  • Conduct periodic reviews and re-assessment of contracted cloud services.
  • Present cloud service risk assessments to service requestors and upper management and discuss required corrective and mitigation actions with the vendors. 
  • Provides security subject matter expertise and consultation to internal customers in regards of the use of cloud services
  • Evaluate and review the integration of cloud and on-prem (hybrid) systems while maintaining Bechtel high security requirements and standards. 
  • Development and implementation of information security policies, standards, procedures,
  • Work successfully with internal groups to provide guidance with available and approved information security technology.
  •  Working with Contracts, Procurement, and Legal on contractual requirements; recommend contract revisions, and recommendations to protect Bechtel's interests.
  • Provide excellent customer service to stakeholders and internal teams, including routine interactions/communication with internal customers, vendors, and other support staff. 
  • Maintain cloud security by monitoring and ensuring compliance to standards, policies, and procedures.
  • Ability to collaborate with other team members and multidisciplinary working groups.
  • Travel to Bechtel jobsites and offices as required.

 

Qualifications and Skills

Basic Qualifications

  • BS in a computer related field or 6 years of equivalent IT work experience. 
  • US Citizenship required. 
  • Strong information security background with deep understanding of information security frameworks and standards.
  • Information security risk management knowledge.

 

Additional Qualifications

  • 2+ years hands-on experience in 4 or more of the security domains listed below including: 
    • Cloud Services
    • Network Security Operations 
    • Incident Handling
    • Security Architectures
    • Identity and Access Management 
    • Disaster Recovery and Business Continuity 
    • Data encryption
    • Protection of PII and sensitive information
  • Experience working with Infrastructure as a Service (i.e. Azure, AWS, OCI).
  • Strong understanding of Windows, Linux, iOS, and Android.
  • Good knowledge of TCP/IP protocol stack, vulnerability assessment and scanning tools, endpoint security solutions, and audit logs from various platforms.
  • Knowledge of information security risk assessments and mitigation controls for on-prem and cloud services.
  • Familiarity with industry standards, guidelines and regulatory/ compliance requirements related to information security and cloud computing such as ISO 27001, Cloud Security Alliance (GSA), NIST 800-53, PCI DSS, SOC2, etc.
  • Ability to write and present business and technical reports. 
  • Understanding of IoT, Operational Technology (OT) networks and Industrial Control Systems (ICS).
  • GIAC, CISSP or CEH certifications is a plus.
Reply