Senior Information Security Engineer
Greater Chicago Area
Applications have closed
What You'll Do
- Cross-Functional Collaboration: Work closely with cross-functional teams to design, implement, and improve security controls for applications. Monitor the effectiveness of security measures and provide recommendations for improvements.
- Security Design: Develop, maintain, and review security architecture and design to ensure it aligns with organizational goals and industry best practices.
- Security Documentation: Maintain and update security documentation, including architecture diagrams, policies, procedures, and guidelines.
- Security Assessments: Conduct thorough security assessments of web applications, identifying vulnerabilities and security weaknesses. Perform automated and manual security testing using industry-standard tools and methodologies. Perform security-focused code reviews.
- Penetration testing: Conduct pen tests of internally developed applications and external interfaces.
- Incident Response: Participate in incident response activities, investigating and mitigating security incidents when they occur. Help develop and implement proactive measures to prevent future incidents.
- Threat Modeling: Collaborate with project teams to perform threat modeling and risk assessments to identify potential security threats and prioritize mitigation efforts.
- Vulnerability Mitigation: Provide detailed remediation recommendations to development teams and work closely with them to address security vulnerabilities in a timely manner. Ensure that secure coding practices are adhered to during the development process.
- Vendor Assessment (cloud and on-prem): Evaluate and select security products and services from third-party vendors, ensuring they meet the organization's security requirements.
- Security Tools and Technologies: Stay up to date with the latest security tools, technologies, and industry trends. Evaluate and deploy relevant security tools to enhance application security. Create tools as necessary. Act as the primary or backup maintainer of security tools.
- Compliance and Documentation: Support Compliance and audit activities.
- Security Training: Educate developers and stakeholders about security best practices and ensure a security-conscious culture within the organization.
- Security metrics delivery and improvements
- Projects, production evaluations, research work, recruiting, and other administrative work as needed.
- Learn new technologies and skills and apply them at work.
- Manage a small team.
Qualifications - We encourage you to apply if you think your experience may be a match, even if you do not meet all of the qualifications.
- A Bachelor’s degree in Computer Engineering, Computer Science, Information/Cyber Security or a related field.
- Knowledge of security coding practices and the ability to guide development teams.
- Experience with multiple programming languages (such as Java, Go, Ruby, C++, Python, Perl, etc.).
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Experience as a web application developer or the ability to show a clear understanding of web services.
- Experience automating security tasks.
- Experience with pen testing tools such as, but not limited to Burp Suite and Metasploit.
- Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.).
- Minimum of 5 years of experience with any combination of the following: mobile security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
- Minimum of 5 years of experience and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security.
- Security or Linux certifications such as, but not limited to CISSP, LFCE, LFCS, RHCSA, CEH, CASE, RHCE, Red Hat Certified Specialist in Security: Linux, preferred.
- Subject matter expertise in cryptography, preferred.
- Proficiency in application security testing tools and vulnerability scanning, preferred.
- Experience with system administration, including log analysis, preferred.
- Knowledge of compliance frameworks such as PCI DSS, HIPAA, NIST, etc., preferred.
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), preferred.
- Experience with NodeJS, the Spring Framework, Ruby, preferred.
- Experience as a member of an incident response team, preferred.
- Ability to stay updated on emerging threats and security best practices, preferred.
- Participation in CTFs, preferred.
- Experience securing cloud environments, e.g. AWS, preferred.
- Experience as a team lead, preferred.
We are rapidly growing across multiple dimensions, including our customer base, the scope of products we offer, and the size of our team. Now is the right time for a strong candidate to join and grow with us. We have a supportive culture where employees are encouraged to achieve both personal and team goals because we believe growth leads to both business impact and personal fulfillment.
We offer competitive compensation and affordable benefits with flexibility and choice to meet individual and family (including Domestic Partnerships) needs, including:
- Multiple medical, dental, and vision plan options
- Company-paid life insurance, short and long-term disability
- 401(k) savings plan with company match (50% on first 6% of employee contribution)
- 31 days total annual PTO
- Annual Bonus Program
- Paid maternity and paternity leave
- Relocation allowance
- Employee referral bonus
- Gym membership
- Technical and Professional Development stipend
We are striving to implement and sustain an inclusive and equitable work environment for all employees by sourcing underrepresented groups and continually empowering those individuals within our organization to further enrich Vail’s communication solutions. We recognize that equitable and unique individuals benefit our teams’ problem-solving, innovation, and development efforts.
Our offices are located in Deerfield and Chicago, IL. Interviews and onboarding are conducted in our offices when possible. We observe a hybrid work format that provides employees flexibility to collaborate with team members based on business needs.