Senior Security Risk Engineer Job in Chicago, Illinois US
This individual will be performing network, web, host and database security assessments on a diverse and distributed enterprise network and application infrastructure.
The Security Risk Engineer will be responsible for conducting testing of web, client-server, and other applications. Additionally, the engineer will conduct testing of a wide variety of operating systems, application servers, and databases. The engineer must have very strong expertise in conducting application and infrastructure security testing. The engineer must also be passionate about assessing and discovering vulnerabilities in systems, as evidenced through the engineer's skill and strong patterns of continuous learning. The engineer must be effective in communicating to technical teams and business owners in both verbal and written form. Strong self-motivation and a solid risk mindset are essential. Experience in the financial services industry is a plus.
Responsibilities include:
- Conducts vulnerability assessments and penetration testing of Internet, Extranet and Intranet networks, and systems
- Develops and executes customized testing strategies and plans
- Incorporates and uses penetration testing tools and scripts
- Actively analyzes technology platforms for architecture and design weaknesses, technical flaws and system vulnerabilities; and recommends appropriate mitigations and controls
- Develops and coordinates annual plans for periodic penetration testing of all applicable applications and network elements
- In-depth knowledge of web applications, network and platform operating systems is required
- Understands and adjusts testing techniques appropriately to various system environments
Core Skill Set:
- Application Security/Penetration testing
- Flavors of UNIX/Linux and databases
- Web Server, Applications Services (IIS/Apache/WebSphere, etc.)
- Expert knowledge of OWASP published risks and controls
- Good communication in English, both oral and written (presentations, technical reports and proposals).
- Strong analytical, evaluative, and problem-solving abilities
- Active involvement in industry groups such as OWASP and ISSA, and certifications such as GIAC, CISSP and CISA, are a plus
- Bachelor's degree in information systems or computer sciences preferred
Experience:
- Minimum six years' experience in an Information Security position, with a strong background in application security best practices and ethical hacking.
- Desktop/Network Operating Systems: Windows, HP-UX, Linux, Solaris, Cisco, Juniper, etc.
- Experienced in using commercial and freeware application security and scripting tools
- In-depth knowledge of network application exploitation, web services, ethical hacking/pen testing
- Coding background preferred (C/C++, XML, Perl, and Java programming knowledge)
- UNIX/LINUX and Windows administration is a plus
- Experience in working with software security design engineering