Job Description
A tech services company in Illinois is currently seeking an experienced Security Engineer for a great Senior-level opportunity with their staff. In this role, the Senior Security Engineer will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios.
Responsibilities:
The Senior Security Engineer will:
- Design, implement, and improve security controls for applications
- Develop, maintain, and review security architecture and design to ensure it aligns with organizational goals and industry best practices
- Maintain and update security documentation, including architecture diagrams, policies, procedures, and guidelines
- Conduct thorough security assessments of web applications, identifying vulnerabilities and security weaknesses
- Perform automated and manual security testing using industry-standard tools and methodologies
- Conduct pen tests of internally developed applications and external interfaces
- Participate in incident response activities, investigating and mitigating security incidents when they occur
- Perform threat modeling and risk assessments to identify potential security threats and prioritize mitigation efforts
- Provide detailed remediation recommendations to development teams and work closely with them to address security vulnerabilities in a timely manner
- Evaluate and select security products and services from third-party vendors, ensuring they meet the organization's security requirements
- Stay up to date with the latest security tools, technologies, and industry trends
- Educate developers and stakeholders about security best practices and ensure a security-conscious culture within the organization
- Perform other duties, as needed
Qualifications:
- 5+ years of experience in one of the following: Mobile Security, Threat Modeling, Secure Coding, Identity Management & Authentication, Software Development, Cryptography, System Administration and Network Security
- Bachelor's Degree in Computer Engineering, Computer Science, Information/Cyber Security or a related field
- Knowledge of secure coding practices and the ability to guide development teams
- Experience with multiple programming languages (such as Java, Go, Ruby, C++, Python, Perl, etc.)
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
- Experience as a Web Application Developer or the ability to show a clear understanding of web services
- Experience with Automated Security tasks
- Experience with pen testing tools such as, but not limited to, Burp Suite and Metasploit
- Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
Desired Skills:
- Security or Linux certifications such as, but not limited to, CISSP, LFCE, LFCS, RHCSA, CEH, CASE, RHCE, Red Hat Certified Specialist in Security: Linux
- Subject matter expertise in Cryptography
- Proficiency in Application Security testing tools and Vulnerability Scanning
- Experience with System Administration, including log analysis
- Knowledge of compliance frameworks such as PCI DSS, HIPAA, NIST, etc.
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
- Experience with NodeJS, the Spring Framework, Ruby
- Ability to stay updated on emerging threats and security best practices
- Participation in CTFs
- Experience securing cloud environments, e.g. AWS