Cybersecurity Engineer 4 Job at Harvey Nash Group, Chicago, IL

  • Harvey Nash Group
  • Chicago, IL

Job Description

Position Details:

Title: Cybersecurity Engineer 4

Location: Chicago, IL 60661 (Hybrid – 3 days/week onsite)

Duration: 12 Months Contract (Possible extension)

 

Job Description:

Top Skills / Manager Notes:

  • Interview type (F2F or virtual) & rounds: 1 round, 1 hour, panel interview (video), with technical and general questions to validate the candidate.
  • Top 3 technical skills: running DAST, application development background, vulnerability management.
  • Preferred years of experience: 7 years minimum, but open to considering senior-level candidates with 15-20 years of experience too.
  • Ideal candidate: looking for a Cybersecurity Engineer who can assist our DAST program (Rapid7 or any other similar tool).
  • Education preference: IT degree and min 5 years of experience.

 

Additional Summary: 

We are part of the enterprise & cybersecurity team.
Probably intermediate experience.
Having an application development background is nice but not required (to scan results): Python/Git/DevOps/Azure.
There are 3 towers: DAST, SAST and others.
DevOps automation: setting up CI/CD pipelines, build & deploy.
Looking for a genuine resource who can set up a pipeline.
Schedule the scans for Rapid7.
Timings- 8-5 CST
Travel- 5 to 20% may be required.
GitHub & Azure DevOps experience
Cybersecurity with an IT degree and 7+ years of experience
Certifications- required- Any cybersecurity related.
We do have a team in the US & India so looking for someone who is an individual contributor.
They should be available for video meetings during the work hours.
They need to collaborate with the Indian team.
ServiceNow for managing vulnerability findings- nice to have but required.
DAST- Rapid7 or any other tool experience required.

 

Job Description:

Cybersecurity engineers are responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

Position’s Contributions to Work Group:  
At Client Digital, every software engineer is the one who cares the most about their application. As a Senior Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level, and act as a trusted partner in their mission to deliver solutions securely.
You will be responsible for delivering a suite of security services according to internal processes and standards, including:
1. Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
2. Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
3. Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
4. Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
5. Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Client Digital.
6. Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Client Digital avoid similar mistakes in their own applications.

Typical task breakdown:
- Provide security consulting and perspective during architectural discussions and decision making.
- Consult with solution developers to ensure understanding of security principles and best practices.
- Triage security vulnerabilities and recommend and/or execute remediations or mitigations.
- Engage with business personnel including project managers, product owners, and end-users as needed, providing well-rounded contributions based on strong security expertise.
- Consult with solution architects, developers, cloud engineers, security engineers and other team members to ensure a successful project delivery.
- Contribute to and peer review various technical documents including security architecture diagrams and policy documents.

Interaction with team:
- DevOps Team consists of 13 currently and will be supporting a new project that has 60+ project members. This team also supports other established applications within the organization.
- This team is cross-functional. Successful team members will be expected to think outside the box, learn new skills, etc., to support each other and the project.

Work environment:  
- Hybrid 

Education & Experience Required:
- Bachelor’s degree with 8+ years’ experience
- If no degree, they must have at least 12 years’ experience

Technical Skills 
(Required)

- Experience with cybersecurity best practices including ISO, SOC, OWASP, MITRE, and Microsoft standards
- Experience auditing existing solutions or environments against Security and GRC standards

Soft Skills
(Required)

- Someone who is comfortable working in an R&D setting and taking on admin tasks when needed.

Job Tags

Full time, Contract work, Remote job, 3 days per week
