LaSalle Network has an exciting opportunity with one of the largest providers of software solutions focused on Risk Management for both high and low risk corporate chargebacks.
The Senior Information Security Engineer role is a newly created position and will be a pivotal component with building out a new, internal, Cybersecurity team! This position is hybrid in Itasca, IL, onsite Monday, Tuesday and Thursday.
This is a contract to hire opportunity with an annual base salary of $140-170k after conversion.
Senior Information Security Engineer Responsibilities :
- Review and remediate internal / external networks, application vulnerability and configuration scans
- Work with Third-Party Penetration Testers and conduct Internal Penetration Tests
- Provides technical advice on controls, processes and procedures
- Collaboration with team to assist with SIEM, IAM and related Information Security Systems monitoring and response
- Act as a mentor to Analysts and those passionate about developing their information security technology skills
- Collaborating with various technical environments and business segments and experience working with auditors and regulators
- Prepares well in advance to improve resource and time management
- Identifies several ways to do things differently that will continuously improve system security
- Exercises great judgment when evaluating system configurations
- Seeks out and acts on peer and leadership feedback on information security concerns
Senior Information Security Engineer Requirements :
- Hands-on experience deploying and managing Vulnerability Scanning Software (Rapid7 / Qualys / Veracode) related to Internal and External Host Vulnerability and Configuration Scans, SAST and DAST Application Scanning (Veracode)
- Hands-on experience with various types of system deployments such as Windows Server / Workstation and Linux distributions.
Candidate must be able to build and configure these OS types
- Good understanding of regulatory standards including PCI-DSS, SOC2 Type2, FedRAMP, etc. preferred
- In-depth knowledge of cyber threats, common security controls, detection capabilities and other practices / solutions for securing digital environments.
Including packet flows / TCP and UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection / prevention systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, vulnerability management, etc.
- Understanding of forensic analysis on and data captures from networks / packet capture, hosts (volatile / live memory), electronic media, log data and network devices in support of intrusion analysis or enterprise-level information security operations
- Must have strong verbal and written communication skills, interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and non-technical audiences
- Building and testing Linux based OS and Windows OS to verify system hardening based on CIS Benchmarks
- Experience reviewing security vulnerability and threat information to determine its significance, validate its accuracy and assess its reliability based on NIST Standards
- 3+ years of experience in one or more : security operations, security engineering or security architecture preferred
- A bachelor’s degree or equivalent combination of education and experience is preferred