Cybersecurity Engineer 4 (# 7262)

Position Details:

Title: Cybersecurity Engineer 4

Location: Chicago, IL 60661 (Hybrid – 3 days/week onsite)

Duration: 12 Months Contract (Possible extension)

 

Job Description:

Top Skills / Manager Notes:

  • Interview Type (F2F Or virtual) & Rounds: 1 round- 1 hour- Panel interview (video)- technical & general questions to validate the candidate.
  • Top 3 Technical skills: Running DAST, application development background, vulnerability management.
  • Preferred Years of experience: Minimum 7 years of experience, but open to considering senior-level candidates with 15-20 years of experience too.
  • Ideal candidate: looking for a Cybersecurity Engineer who can assist our DAST program - Rapid7 or any other similar tool.
  • Education Preference: IT degree and min 5 years of experience

 

Additional Summary: 

We are part of the enterprise & cybersecurity team.
Probably maybe intermediate experience
Having an application development background is nice but not required (to scan results)- Python/GIT/DevOps/Azure
There are 3 towers- DAST/SAST and others.
DevOps-Automation setting up CI/CD pipelines, build & deploy.
Looking for a genuine resource who can set a pipeline.
Schedule the scans for Rapid7.
Timings- 8-5 CST
Travel- 5 to 20% may be required.
GitHub & Azure DevOps experience
Cybersecurity with an IT degree and 7+ years of experience
Certifications- required- Any cybersecurity related.
We do have a team in the US & India so looking for someone who is an individual contributor.
They should be available for video meetings during the work hours.
They need to collaborate with the Indian team.
ServiceNow for managing vulnerability findings- nice to have but required.
DAST- Rapid7 or any other tool experience required.

 

Job Description:

Cybersecurity engineers are responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

Position’s Contributions to Work Group: 
At Client Digital, every software engineer is the one who cares the most about their application. As a Senior Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level, and act as a trusted partner in their mission to deliver solutions securely.
You will be responsible for delivering a suite of security services according to internal processes and standards, including:
1. Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
2. Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
3. Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
4. Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
5. Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Client Digital.
6. Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Client Digital avoid similar mistakes in their own applications.

Typical task breakdown:
- Provide security consulting and perspective during architectural discussions and decision making.
- Consult with solution developers to ensure understanding of security principles and best practices.
- Triage security vulnerabilities and recommend and/or execute remediations or mitigations.
- Engage with business personnel including project managers, product owners, and end-users as needed, providing well-rounded contributions based on strong security expertise.
- Consult with solution architects, developers, cloud engineers, security engineers and other team members to ensure a successful project delivery.
- Contribute to and peer review various technical documents including security architecture diagrams and policy documents.

Interaction with team:  
- DevOps Team consists of 13 currently and will be supporting a new project that has 60+ project members. This team also supports other established applications within the organization.
- This team is cross-functional. Successful team members will be expected to think outside the box, learn new skills, etc., to support each other and the project.

Work environment: 
- Hybrid 

Education & Experience Required:  
- Bachelor’s degree with 8+ years’ experience
- If No degree, they must have at least 12 years’ experience 


Technical Skills 
(Required)

- Experience with cybersecurity best practices including ISO, SOC, OWASP, MITRE, and Microsoft standards
- Experience auditing existing solutions or environments against Security and GRC standards

Soft Skills
(Required)

- Someone who is comfortable working in an R&D setting and taking on admin tasks when needed.
