cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
johnspass
Viewer

Information Security Senior - Bechtel

Information Security Senior

Click here to apply!

  • Relocation Authorized: None 
  • Telework Type: Part-Time Telework 
  • Work Location: The position will be based in Glendale (AZ), Reston (VA), Houston (TX) or Oak Ridge (TN).

Project Overview

The Bechtel Information Security and Compliance team is seeking a well-rounded Information Security Professional that has depth of knowledge across multiple domains of information security, and demonstrated expertise with on-prem networking and cloud services. Applicants should have a strong technical background and a thorough understanding of information risks as it relates to the business, viewing security holistically, applying risk management intelligently, using creative problem solving techniques, and the ability to work successfully with others.

 

The position will be based to one of the main offices of Bechtel, which are Glendale (AZ), Reston (VA), Houston (TX) or Oak Ridge (TN). The candidate needs to be near and able to travel into one of these offices as needed.

 

Responsibilities

  • Lead and/or assist in the development and design of network security architecture, policies, standards, procedures, training, and documentation of network security solutions including Data Loss Prevention, firewalls, routers, and logging and analysis tools.
  • Define situations in terms of the security risks and is able to educate peers and management so they can make informed business decisions based on a risk management methodology.
  • Identify Key Performance Indicators and system controls. Developing, populating, and tracking performance metrics and providing analysis reports.
  • Provide security subject matter expertise and consultation to cross functional teams on network security solutions including architecture, design, documentation and policies.
  • Lead the security reviews and provides approval for changes to network, infrastructure and connectivity solutions through the Change Management process. Ensure changes are in compliance with policies and/best information security practices. Work to improve and streamline the change management process.
  • Perform risk analysis of potential business options and provide consultations to business leaders on options for risk mitigation.
  • Review technical standards and procedures and makes recommendations for improvement in alignment with policy and best security practices.
  • Review cloud, on-prem and hybrid security architectures and develop design strategies geared toward maximizing the available solution space while maintaining information security standards.
  • Provide technical and functional leadership on complex projects.
  • Work successfully with various groups to solve IS&T and business problems with available technology.
  • Develop, pilot, and test secure implementation plans for new and emerging technology solutions.
  • Instruct, direct, and monitor the work of other network analysts and staff.
  • Provide excellent customer service to stakeholders including routine interactions/communication with customers, vendors, and other support staff.
  • Function as a technical mentor within the team and to other employees in order to foster a team environment.
  • Keep informed of issues and changes in the information security industry including new technology and processes for managing change.
  • Assist with the audit processes and investigations as needed.
  • Travel to Bechtel jobsites and offices as needed.

Qualifications and Skills

  • Bachelor’s Degree and 13+ years of relevant experience in information technology.
  • Experience with the management and design of network security infrastructure such as firewalls, proxies, VPNs, switches, etc.
  • Professional experience with enterprise level network, Internet DMZ infrastructure, WAN, LAN.
  • 6+ years hands on experience in 5 or more of the security domains listed below including:
    • Security Governance and Management.
    • Access Control.
    • Incident Response.
    • Network Security Operations.
    • Security Architectures.
    • Identity Management.
    • Application Security.
    • Disaster Recovery & Business Continuity.
    • System Development Life Cycle.
  • 4+ years of experience in the following:
    • Implementing and managing network security.
    • Implementing and managing the security of an enterprise Windows environment.
    • Information risk assessments.
    • Implementing and testing IT controls and performing operational audits.
    • Implementing cryptography and key management.
    • Implementing Cloud Security.
  • 3+ years of experience in the following:
    • Developing, implementing, and maintaining information security policies and procedures, and develop security accreditation/certification documentation.
    • Cloud Infrastructure environments (Azure, AWS, OCI, etc.)
  • Clear and demonstratable understanding of security frameworks (e.g. ISO 27001, NIST).
  • Clear and demonstratable understanding of risks associated to the use of Open Source software.
  • Excellent verbal and written communication skills with demonstrated ability to write risk assessments and technical reports.
  • US citizenship is required.

Additional Qualifications

  • Able to conceptualize and implement information security systems and architectures.
  • Experience with TCP/IP protocol stack assessment and scanning tools, endpoint solutions, and audit logs from various platforms.
  • Able to provide information security engineering analysis on a variety of information systems.
  • Knowledge and experience with ICS and OT networks security.
  • Ability to take a broad view of his/her position and take initiative to communicate, interact, and cooperate with others to ensure that all aspects of a task are addressed.
  • Understanding of Authentication protocols, SSO and Identity Federation.
  • Automation/development experience (Python, PowerShell) desirable.
  • CISSP or other information security certifications desirable.
0 Replies