Senior Information Security Engineer

Who You AreAs a Senior Information Security Engineer, you will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will design and deliver solutions for complex technical problems. This role is team-oriented, as you will collaborate with other highly technical data security, networking, systems engineering, and software development staff.   The ideal candidate will leverage a strong data security background to monitor, discover, and mitigate vulnerabilities in our network, systems, and applications. Additionally, the candidate will be data-driven, adaptable, and detail-oriented. 
#BI-Hybrid

What You'll Do

• Cross-Functional Collaboration: Work closely with cross-functional teams to design, implement, and improve security controls for applications. Monitor the effectiveness of security measures and provide recommendations for improvements.
• Security Design: Develop, maintain, and review security architecture and design to ensure it aligns with organizational goals and industry best practices.
• Security Documentation: Maintain and update security documentation, including architecture diagrams, policies, procedures, and guidelines.
• Security Assessments: Conduct thorough security assessments of web applications, identifying vulnerabilities and security weaknesses. Perform automated and manual security testing using industry-standard tools and methodologies. Perform security-focused code reviews.
• Penetration testing: Conduct pen tests of internally developed applications and external interfaces.
• Incident Response: Participate in incident response activities, investigating and mitigating security incidents when they occur. Help develop and implement proactive measures to prevent future incidents.
• Threat Modeling: Collaborate with project teams to perform threat modeling and risk assessments to identify potential security threats and prioritize mitigation efforts.
• Vulnerability Mitigation: Provide detailed remediation recommendations to development teams and work closely with them to address security vulnerabilities in a timely manner. Ensure that secure coding practices are adhered to during the development process.
• Vendor Assessment (cloud and on-prem): Evaluate and select security products and services from third-party vendors, ensuring they meet the organization's security requirements.
• Security Tools and Technologies: Stay up to date with the latest security tools, technologies, and industry trends. Evaluate and deploy relevant security tools to enhance application security.  Create tools as necessary. Act as the primary or backup maintainer of security tools.
• Compliance and Documentation: Support Compliance and audit activities.
• Security Training: Educate developers and stakeholders about security best practices and ensure a security-conscious culture within the organization.
• Security metrics delivery and improvements 
• Projects, production evaluations, research work, recruiting, and other administrative work as needed.
• Learn new technologies and skills and apply them at work.
• Manage a small team.

Qualifications - We encourage you to apply if you think your experience may be a match, even if you do not meet all of the qualifications.

• A Bachelor’s degree in Computer Engineering, Computer Science, Information/Cyber Security or a related field.
• Knowledge of security coding practices and the ability to guide development teams.
• Experience with multiple programming languages (such as, Java, Go, Ruby, C++,  Python, Perl, etc.). 
• An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience as a web application developer or the ability to show a clear understanding of web services.
• Experience automated security tasks.
• Experience with pen testing tools such as, but not limited to Burp Suite and Metasploit.
• Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.).
• Minimum of 5 years of experience with any combination of the following: mobile security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• Minimum of 5 years of experience and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security.
• Security or Linux certifications such as, but not limited to CISSP, LFCE, LFCS, RHCSA, CEH, CASE, RHCE, Red Hat Certified Specialist in Security: Linux, preferred.
• Subject matter expertise in cryptography, preferred.
• Proficiency in application security testing tools and vulnerability scanning, preferred.
• Experience with system administration, including log analysis, preferred.
• Knowledge of compliance frameworks such as PCI DSS, HIPAA, NIST, etc., preferred.
• An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), preferred.
• Experience with NodeJS, the Spring Framework, Ruby, preferred.
• Experience as a member of an incident response team, preferred.
• Ability to stay updated on emerging threats and security best practices, preferred.
• Participation in CTFs, preferred.
• Experience security cloud environments, e.g. AWS, preferred.
• Experience as a team lead, preferred.

Who We AreAt Vail, we believe in the unique power of voice interactions to create more expressive, more intimate, and more efficient interpersonal interactions. Using Vail technology, we make millions of voice interactions better every day. We process around 10% of all toll-free call traffic in the U.S.; 1 in 10 times when someone calls a customer support hotline, Vail is routing or interacting with that call.
We are rapidly growing across multiple dimensions, including our customer base, the scope of products we offer, and the size of our team. Now is the right time for a strong candidate to join and grow with us. We have a supportive culture where employees are encouraged to achieve both personal and team goals because we believe growth leads to both business impact and personal fulfillment. 
We offer competitive compensation and affordable benefits with flexibility and choice to meet individual and family (including Domestic Partnerships) needs, including:·       Multiple medical, dental, and vision plan options ·       Company-paid life insurance, short and long-term disability ·       401(k) savings plan with company match (50% on first 6% of employee contribution) ·       31 days total annual PTO ·       Annual Bonus Program  ·       Paid maternity and paternity leave ·       Relocation allowance ·       Employee referral bonus ·       Gym membership ·       Technical and Professional Development stipend
We are striving to implement and sustain an inclusive and equitable work environment for all employees by sourcing underrepresented groups and continually empowering those individuals within our organization to further enrich Vail’s communication solutions. We recognize that equitable and unique individuals benefit our teams’ problem-solving, innovation, and development efforts. 
Our offices are located in Deerfield and Chicago, IL. Interviews and onboarding are conducted in our offices when possible. We observe a hybrid work format that provides employees flexibility to collaborate with team members based on business needs.