Cybersecurity Engineer 4

Cybersecurity Engineer 4

Location: Chicago, Peoria, or Dallas office; 1 day in office (Wednesday), Duration: 12 months. This role will eventually go 5 days in office, so the candidate needs to be ok and ready to be fully back in office 5 days a week when needed.

Position's Contributions to Work Group:

As a Lead Cybersecurity Engineer, you will be responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

Typical task breakdown:

• Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
• Engineering Consulting – Serving as a "best friend" to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
• Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
• Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.

Interaction with team:

• Accountable for a dedicated set of applications to work directly with development teams. Part of a larger security engineering team that sets standards and ways of working for interacting with development teams.
• Security Engineers will help development teams identify security gaps in their applications and services and assist in coming up with solutions to close those gaps and make services compliant to enterprise security requirements.

Education & Experience Required:

• Bachelor's degree in computer science or a related field with 8+ or more years in information security
• Master's Degree must have 6+ years' experience

Technical Skills

• Application security expertise understanding vulnerabilities and remediation solutions (OWASP, CWE/CVE, SANS 25)
• Experience with a wide variety of information security processes and principles, such as: Enterprise security architecture, Threat modeling, Vulnerability assessment, Risk analysis, Defense in depth, SDLC and product development processes, Identity and access management, API security, SCA/SAST/DAST, Cloud security experience with MS Azure and/or AWS, Professional certification (CISSP, CCSP, GWAPT, GWEB, AWS SA / Certified Security, etc.), Development experience (Java, Python, .Net, JS, or equivalent), Implementation of automation and scripting

Soft Skills

• Excellent written and verbal communications skills; demonstrated ability to communicate highly technical security concepts to non-security audiences Ability to coordinate multiple teams in accomplishing process review and improvement

Disqualifiers/Red Flags :

• Choppy tenure/ consistent job hoping.
• If candidate is not local to one of the above office locations, we will not consider them for this role at this time.