- Lead by example and independently perform all functions and services of the GIS AppSec team.
- Conduct advanced web application, micro-services, API, and cloud penetration tests of proprietary and 3rd party on-prem/cloud systems and applications.
- Perform targeted manual security reviews at key points in the software development life cycle.
- Perform peer reviews of assessment reports and provide constructive guidance to team members.
- Train others on tools and processes used in AppSec methodology.
- Provide technical guidance to team members and other stakeholders (e.g. development teams, project teams, business stakeholders).
- Provide input for strategic visioning/planning.
- Identify the need and develop new security standards and reference architectures.
- Identify metrics that can help measure performance, gaps in coverage, need for headcount, and trends in findings.
- Identify and document process improvements influence team and management support and prioritize changes.
- Establish yourself as a recognized technical expert within the team.
- Have an interest in continuing your education and training and staying current within the application security domain.
- 12+ years' experience performing security assessments of a wide variety of systems, applications, and technologies which include both proprietary and industry-standard protocols.
- Expert knowledge and experience performing manual security reviews of application source code for security vulnerabilities written in various languages including Java, .Net (C#, VB#), C++, *.
- Expert level skills with application security testing tools including Burp Suite Pro, Kali, Checkmarx, sqlmap, nmap, Wireshark, etc.
- Expert knowledge of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities most critical web vulnerabilities and how to identify and remediate them.
- Advanced knowledge of application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
- Advanced knowledge of UNIX/Linux/Windows.
- Advanced knowledge with scripting languages such as: Python, bash, Powershell, etc.
- Experience with drafting of Security Standards, Reference Architectures, and Secure Technical Implementation Guidelines.
- Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.
- Self-motivated and a self-starter (If you have a question, find the answer, ask somebody, figure it out, and communicate).
- Excellent Oral and Written communication skills.
- Certifications such as GWAPT, eWPTx, OSCP, OSWE, CISSP, or other relevant certifications are highly preferred.
-
Cyber Security Engineer
1 week ago
NovaWorks Solutions Willis, United StatesAbout the Company · Cogitron - Mind for Systems As a consulting firm with technical roots, we help our clients design their products safely and outstandingly in the context of diverse consulting projects. Sometimes we are helpers, sometimes coordinators, and sometimes auditors. · ...
-
IT Security Engineer
3 weeks ago
1872 Consulting Chicago, United StatesIT Security Engineer · Identify and Access Management (IAM) Focus · Chicago, IL - 3 days onsite in Loop, 2 days WFH · What you'll be doing · The IT Security Engineer will focus on the IAM function of IT Security, identifying, delivering and supporting the technology used to ...
-
Azure Security Engineer
3 weeks ago
Trident Consulting Chicago, United StatesTrident Consulting is looking for an Azure Security Engineer for one of our clients · Increase your chances of an interview by reading the following overview of this role before making an application. · Role: Azure Security Engineer · Location: Chicago IL (Hybrid–Onsite) · T ...
-
Principal Security Engineer
2 weeks ago
Glocomms Chicago, United StatesPrincipal Security Engineer · Location: Chicago or Dallas (hybrid, 3-days on-site) · Glocomms are partnered with a leading Financial Services firm in the search for a technically hands-on Principal Security Engineer to join a new division within the organization focusing on tec ...
-
senior cloud security engineer
3 weeks ago
City of Chicago Chicago, United StatesSenior Cloud Security Engineer · Department of Technology and Innovation · Number of Positions: 1 · The City of Chicago's Department of Technology and Innovation is seeking a Senior Cloud Security Engineer to join the City's Information Security Office team. The successful can ...
-
Principal Security Engineer
3 weeks ago
Glocomms Chicago, United StatesPrincipal Security Engineer · Location: Chicago or Dallas (hybrid, 3-days on-site) · Glocomms are partnered with a leading Financial Services firm in the search for a technically hands-on Principal Security Engineer to join a new division within the organization focusing on techn ...
-
Application Security Engineer
3 weeks ago
Tempus Chicago, United StatesPassionate about precision medicine and advancing the healthcare industry? · Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evi ...
-
Senior Security Engineer
10 hours ago
Salesforce Chicago, United StatesTo get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. · Job Category · Software Engineering Job Details · About Salesforce · Were Salesforce, the Customer Company, inspiring the futu ...
-
Lead Security Engineer
10 hours ago
Circle Chicago, United StatesCircle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up pre ...
-
Application Security Engineer
6 days ago
Tempus Chicago, United StatesPassionate about precision medicine and advancing the healthcare industry? · Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evid ...
-
Azure Security Engineer
3 weeks ago
Wipro Technologies Chicago, United StatesWipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. · We leverage our holistic portfolio of capabilities in consulting, ...
-
AD Security Engineer
2 weeks ago
TEKsystems Chicago, United States: · Job Description · A Security Engineer contributes to the success of the Bank by building a safe and sound technology environment for business operations. This individual will apply their passion for security and technology to create secure, stable and easy to use solutions ...
-
Cloud Security Engineer
2 weeks ago
Expert In Recruitment Solutions Chicago, United States100% REMOTE · Cloud Security Engineer (AWS) · POSSIBLE CONTRACT TO PERM OPTION · 100% REMOTE · Candidate must work CST Hours · GREENCARD or US CITIZEN MANDATED BY FERERAL CONTRACT · Pre-Qualifying Questions: · 1. Have you held a role as Cloud Security Engineer/Security Aut ...
-
Security Engineering Manager
1 week ago
Amazon Chicago, United StatesAmazon is continuously innovating new services and features for our customers. Our engineers invent, build, and sometimes break things to make them easier, faster, better, and more cost-effective. However, no matter what were building from websites to web services, AR to AI, dron ...
-
Blockchain Security Engineer
3 weeks ago
Jump Trading Chicago, United States FreelanceJump Trading Group is committed to world class research. We empower exceptional talents in Mathematics, Physics, and Computer Science to seek scientific boundaries, push through them, and apply cutting edge research to global financial markets. Our culture is unique. Constant inn ...
-
Senior Security Engineer
21 hours ago
Resilience Chicago, United StatesAbout UsResilience is the next-generation cyber risk company that's on a mission to help make the world cyber resilient.Founded in 2016 by experts from across the highest tiers of the US military and intelligence communities, augmented by prominent leaders and innovators from the ...
-
AD Security Engineer
3 weeks ago
TEKsystems Chicago, United States: · Job Description · A Security Engineer contributes to the success of the Bank by building a safe and sound technology environment for business operations. This individual will apply their passion for security and technology to create secure, stable and easy to use solutions fo ...
-
Associate Security Engineer
3 weeks ago
AHEAD Chicago, United StatesAHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. · At AHEAD, we prioritize creating a culture of belonging, wh ...
-
Security Sales Engineer
2 weeks ago
Burrell Associates Chicago, United StatesJob Description · Job DescriptionSecurity Sales Engineer (Chicago, IL) · This Company is keeping organizations safe from cyber-attacks that technology alone cannot prevent. Our 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and res ...
-
Azure Security Engineer
3 weeks ago
Diverse Lynx Chicago, United StatesRequired Qualifications : · 1. Proven experience in implementing security solutions on Azure, with a focus on IAM, MFA, and SSO. · 2. In-depth knowledge of Azure AD, Azure AD B2C, related authentication/authorization components and security protocols which including SAML, OAuth, ...
Lead Security Engineer - Chicago, United States - Informatic Technologies, Inc.
Description
The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams).
Additionally, the individual will provide application design support and application security best practice guidance, in the form of consultations, to various development teams and business stakeholders. The individual is also responsible for championing security through the design and delivery of integrated solution architectures.
This role leads by example by performing all the Application Security team responsibilities and providing training opportunities for other team members. As a technical lead in the Application Security Assessment team, this role must effectively communicate with Clients' technology, business, and third-party partners.
Principal Accountabilities
Requirements
Nice to have
Education
A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or an equivalent combination of education and relevant proven work experience.