IT Security Analyst

Thornton Tomasetti
applies engineering and scientific principles to solve the world's challenges. An independent organization of creative thinkers and innovative doers collaborating from offices worldwide, our mission is to bring our clients' ideas to life and, in the process, lay the groundwork for a better, more resilient future. We provide support and opportunities to our employees to achieve their full potential and cultivate a rewarding career.

Thornton Tomasetti has a rich history of developing world-leading software for applications internal to our business and in some cases for external use as well. We have a challenging combination of global exposure, business opportunity, a rich variety of technology in use, and sensitive client requirements. This position is an unusual opportunity for a cyber specialist who enjoys thinking creatively, working in a people-oriented dynamic environment, and producing clever solutions that balance risk and benefit.

Thornton Tomasetti's Custom-developed Tools Integrate Existing Backend Systems, Expose Their Data To Broad Staff Use, And Automate Certain Activities. These Tools Are Of Two Key Types

• "business" systems that help the company communicate, manage its operations, and measure performance. An example of this is a master database of our projects, current and historical, that allows staff to find relevant work that might help them and allows management to analyze trends and better sell the next generation of work.
• "design/engineering" systems that allow us to conduct our technical work of designing, evaluating, and improving buildings and other structures more efficiently around the world. This includes, for example, harvesting data from Autodesk design modeling tools to use in other analytical tools.

The Role
Role
We are seeking an analyst to work with our software development teams to advise on key risks and options for mitigating them, as well as hands-on help to improve the code. This team member will work with other developers, internal customers, and specialists (including information technology, software vendors and consultants). The primary responsibility of the Cyber Specialist is to evaluate options for improving our cyber security, help build and get consensus on implementation plans, and then lead execution of those improvements in collaboration with other IT and Cyber specialists. This team member will be tasked with identifying potential enhancements, helping to make a business case for implementing them, and leading implementation of improvements in cooperation with other experts and stakeholders. The role would also include:

• Develop and maintain best practices.
• Broad understanding of big picture, software architecture, networking.
• Help during planning and execution phases.
• Standardization around authentication mechanisms.
• Privacy awareness (e.g., PII/GDPR/CCPA).
• Backend security: Website/server, database, container.
• Frontend security: Client applications, web pages, APIs.
• Coordinate vulnerability testing.
• Create and maintain review checklists.
• Assist teams in implementing security best practices.
• Hands on participation in incident response and remediation efforts.

Responsibilities
Strategic

• Evaluate the "current state" to identify strengths, weaknesses and opportunities associated with our systems and fit with our culture and business needs.
• Understand the available commercial software/service options and configuration possibilities and identify opportunities that will benefit the firm.
• Monitor changes in external requirements including security certification programs, regulation, and industry best practices.

Tactical

• Develop plans for changes, upgrades, maintenance, training, and communication.
• Hands on management of improvement programs, re-configurations, and effectiveness of our evolving tools, including issue tracking, user support and vendor relations.
• Develop training materials and other ways to evangelize good cyber security practices in the company.
• Participate in proactive problem avoidance as well as incident investigation/lessons learned activities.

Requirements

• 5+ years in software development with significant experience in planning and design for custom software development.
• Deep awareness of cyber issues and options for software development, with a CISSP or another credential preferred.
• Awareness of evolving US Government cybersecurity requirements and international standards in major markets where TT operates (especially North America, UK, India).
• Strong knowledge of full stack javascript development and cloud services architecture (AWS and Azure services) is essential.
• Familiarity with Web & Desktop Application Development, Cloud services, Linux & Windows System administration.

Tools And Technologies

• (most important)
• Javascript
• React, Vue, Angular front-end frameworks
• MongoDB
• AWS & Microsoft Azure cloud platforms
• C# .NET
• Python
• PowerShell
• Docker
• Linux
• Apache
• Nginx
• Git
• Windows
• Flexibility to learn other languages, tools, techniques, etc. as needed.

Thornton Tomasetti is proud to be an equal employment workplace. Individuals seeking employment at Thornton Tomasetti are considered without regards to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws.

Thornton Tomasetti Global Terms of Use and Privacy Statement
Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at Thornton Tomasetti are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.

Beware Of Recruitment Fraud:
Scammers may attempt to impersonate Thornton Tomasetti. Messages from our firm come only from the domain, Thornton Tomasetti does not use any third-party recruiters. When in doubt, please contact us through our web form here and see how you can protect yourself online here.