Information Security Engineer - $120,000
Chicago, ILFull Time/Part Time:
The Advanced Information Security Engineer is responsible for company-wide Information Security technology and processes. This individual will be the technical lead evaluating solutions to security issues and evaluating new technologies. This individual will design, implement, and maintain Information Security technologies. This individual will work with other teams directly ensuring security policies are implemented and procedures are functional across all technologies. This is both a high level and a hands on role that includes architecture and implementation, troubleshooting, and testing/investigating.
Responsibilities include but are not limited to:
- Ensure adherence to information security policies and procedures.
- Implement and maintain security program technologies across all offices, sites, and departments.
- Provide guidance and recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
- Perform penetration tests and technical assessments to ensure compliance with information security policies and procedures.
- Find and priorities Information Security risks and help design best remediation to the risks.
- Create and present board level Information Security presentations.
- Manage the security development lifecycle and perform application security reviews.
- Perform security audit and risk assessments on corporate applications and end-users.
- Assist in investigation and respond to information security incidents including forensics analysis.
- Monitor compliance with security controls and communicate unresolved security exposures, misuse, or noncompliance situations to management.
- Understand potential and emerging information security threats, vulnerabilities, and control techniques and assist IT and business staff in understanding and responding.
- Stay current with the trends in information security defense and attackers techniques
- Maintain a commitment to the company’s values, business processes, and code of ethics.
- Perform other duties as assigned.
Bachelor of Science degree in Computer Science, Business or equivalent education and years of experience.
- Minimum of 8 years Information Security experience, and 12 years in Information Technology
- Experience in Network, Systems, and Application Security.
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
- Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized subject matter expert.
- Self-directed, highly motivated individual with strong analytical and problem-solving skills.
- Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people.
- Excellent verbal & written communication skills; with a high aptitude to work with people across broad levels in an organization.
- Experience in several of the following: Centralized logging, SIEM, IPS, Vulnerability Scanners, Anti-Virus, End Point Protection Software, Host and Network Forensics, Firewalls, Operating System Hardening, NMAP, Metasploit, Kali Linux, Burp Suite, Application Vulnerability Assessment Software, Wireless hacking and hardening.
- Take initiative to identify and anticipate business needs and make recommendations for implementation.