Position: Cybersecurity Engineer
Location: Chicago, IL (Hybrid)
Duration: 6-12 Months
Rate: DOE

US Citizens and Green cards are Preferred. No 3rd party C2C

Essential Job Functions
The Security Engineer oversees and provides direction, and development for the security assessment and vulnerability management programs. He/She will work with leadership to determine proper security configurations. This position is hands-on and includes performing security risk assessments on new and current technologies, analysis and reporting on vulnerabilities as part of the overall vulnerability management function, collaboration with Security Architecture on projects, and consulting to provide subject matter expertise.
Essential Functions:

• Perform security assessments on hardware/software (on premise and cloud) technologies and third parties (e.g., vendors and service providers).
• Manage and mature the security assessment and vulnerability management programs. Create and maintain system, metrics, procedural and support documentation.
• Collect information and assess emerging threats including software vulnerabilities. Coordinate the triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
• Provide input into the strategic decisions that affect the functional area of responsibility and participate in long-term strategy and planning for Information Security.
• Subject matter expert for Information Security, consulting to technical and non-technical management, and attorneys as necessary.
• Contribute to the development and maintenance of security policies, standards, processes and guidelines.
• Lead and mentor the security engineering team.
• Participate in issues management (exception and findings requests) as needed.

• Education, Work Experience, Skills
• Six (6) years of direct work experience in security assessments, vulnerability management, or similar.
• 4-year college degree in information technology or equivalent experience.
• Experience with assessments in Windows and Unix is required.
• Knowledge of IT security controls and IT infrastructure is required.
• Experience with cloud technologies such as Microsoft Azure IaaS and SaaS is required.
• Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG... is required.
• Scripting/automation experience such as Python, PowerShell and API integrations is preferred.
• Outstanding communication (verbal, written, visualization and listening) skills.
• Self-starter who can work independently as well as in a team setting.
• Interest in understanding customer perspective to aid in the development of the right solution.
• Commitment to delivering quality solutions.
• Ability to communicate technical topics to a non-technical audience.
• The ability to research and solve complex security and networking challenges.
• Demonstrated personal skills to effectively cooperate and communicate with business partners.
• Creative problem solving, analytical, industry knowledge, project management and communication.

• Hands on experience of cloud capabilities, controls, and implementation.
• Hands on experience of security administration and role based security controls.
• Hands on experience of authentication technologies and their interaction with different platforms, both on-site and remote.
• Hands on experience of vulnerability assessment and forensic tools.
• Hands on experience of vulnerability assessment and forensic tools of Identity & Access Management technologies.
• Knowledge of security technology capabilities.
• Knowledge of anti-malware technologies.
• Knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
• Knowledge of both client and server firewalling technologies and their configuration and administration.
• Knowledge of security systems log correlation and analysis.
• Knowledge of data encryption technologies.
• Knowledge of Endpoint Detection and Response tools.
• Knowledge of web filtering and email SPAM prevention techniques.

• Cloud security certifications, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) are preferred.