Required Skills
Experience with security concepts and engineering security vulnerability mitigation solutions in both Windows end user compute and mobile environments. Broad infrastructure technology concepts around software, hardware, applications, end user interfaces, virtualization, business continuity, PCI compliance, internal auditing, reporting and total cost of ownership. Solid grasp on security industry standards such as STIG/CIS/NIST
Additional Skills
Job Description
- Top 3 skill sets required for this role:
Experience with security concepts and engineering security vulnerability mitigation solutions in both Windows end user compute and mobile environments.
Broad infrastructure technology concepts around software, hardware, applications, end user interfaces, virtualization, business continuity, PCI compliance, internal auditing, reporting and total cost of ownership.
Solid grasp on security industry standards such as STIG/CIS/NIST
- Work Schedule: Remote, Hybrid, Onsite: Hybrid
- If hybrid: How many days onsite vs remote: Two days onsite
- What days will be in-office and remote (i.e. Monday, Tuesday, etc.): First couple of months it will be required for the contractor to be onsite the same days of the week as the other Security Engineers in order to get acclimated and appropriately trained. Typically, those days fall on Tue & Wed or Wed & Thu. Also, the locations will be at the Chicago Reservation Center at 11555 W. Touhy Ave., Chicago, or Willis Tower in downtown Chicago. After the first couple of months, the contractor can work in the office any two days and at either location.
- What shift (if applicable)/Start Time: Shifts are flexible but within reason. Typical shifts are 8a - 5p 9a - 6p with one hour of unpaid lunch.
General Job Description
Seeking an experienced senior level endpoint security engineer with Windows, iOS, MacOS, and Android enterprise expertise. This position requires both technical as well as a non-technical policy-based skillset.
The Security Engineer Will Be Responsible For The Following
- Detecting, remediating, and mitigating workstation and mobile security vulnerabilities
- Conduct extensive testing and supporting of critical applications and operating system updates against security vulnerabilities.
- Evaluating business needs then performing the following based on those needs:
- Engineering a complete and secure end user experience,
- Coordinating user acceptance testing,
- Documenting and engineering solutions based on discoveries of vulnerabilities,
- Implementation and maintenance of security benchmark standards.
- Understanding the balance of implementing security standards without production impact.
- Work closely with various IT teams to mitigate security risks per corporate standards and SLAs.
Primary Duties And Responsibilities
- Manage a test group of over 1,000 endpoints, representative of all lines of business in the enterprise, to include alpha testing of new patches, application updates, operating systems, etc.
- Scope includes (but not limited to)
Applications: Java, Adobe Reader, Edge Chromium, Chrome, Firefox, WinSCP, Notepad++
Operating Systems/Patching: Windows, iOS, MacOS, and Android updates, and new feature functionality testing.
Hardware vulnerability analysis: Laptops, desktops, tablets, Macs, mobile devices.
- Responsibilities related to above include planning and coordinating application version releases, ongoing meetings, reporting results, troubleshooting, discussions with developers/vendors regarding upgrades, etc. Prioritization of vulnerability remediations which includes mitigation strategies while simultaneously preventing productivity outages.
- Candidate will work towards proactively providing an endpoint environment that is sufficiently hardened against vulnerabilities along with assuring that engineering efforts adhere to established corporate policy.
- Implementation of best practices for hardening an endpoint environment including security framework standards (STIG/NIST/CIS).
- Proactively detect and analyze system, applications, code, and hardware weaknesses pre-production. Make remediation and mitigation recommendations accordingly.
- Ability to prepare and participate in corporate risk projects as well as IT audits related to PCI, HIPPA, etc. as necessary.
- Understanding personal and team roles, contributing to a positive work environment by building solid relationships with team members, proactively seeking guidance, clarification, and feedback.
- Apply enterprise vision and standards to all projects. Prepare detailed documentation of all engineered work and solutions.
Qualifications
Education:
Bachelors, Current industry certifications and/or equivalent experience
Experience
- 5+ years of experience providing security engineering of desktop and mobility infrastructure in a large enterprise environment required with aptitude in the following areas: Active Directory, MDM, SCCM, GPOs, Windows 10 & 11, Kiosks, Virtual, Mobility (iOS, MacOS, Android), Reporting, strong documentation, and analytical skills.
- Detection, prioritization, and mitigation strategies for CVE vulnerabilities on endpoint systems (including OS, 3rd Party Applications, GPOs, Registry modifications, etc.)
- Understands and takes quick yet reliable action for zero-day vulnerabilities.
- Successful track record on implementation of security benchmarks STIG/NIST/CIS settings for an enterprise with minimal user impact.
- Engineering with focus on the key security concepts of Confidentiality, Integrity, and Availability.
- Extensive regression testing for enterprise core applications, monthly critical security patches, OS updates, etc.
- Broad infrastructure technology concepts around software, hardware, applications, end user interfaces, virtualization, business continuity, PCI compliance, internal auditing, reporting and total cost of ownership.
Preferred Skills
- Qualys/Nessus (or equivalent vulnerability detection systems), Sandboxing technologies (Cisco Malware Analytics), Injection Hunter, Encryption Technologies, CVE database, CrowdStrike, SysTrack, etc.
- Airline experience is ideal.
- Some knowledge of application packaging and PowerShell Interpretation is ideal.
Skills: security concepts,windows end user compute,endpoint management,kiosks,macos,windows 10 & 11,gpos,android enterprise expertise,active directory,infrastructure,application updates,airline experience,remediation recommendations,technical skills,zero-day vulnerabilities,software,systrack,mobile environments,mobility (ios, macos, android),total cost of ownership,mitigation,sccm,engineering security vulnerability mitigation solutions,security engineering,operating system updates,enterprise,infrastructure technology concepts,stig/cis/nist standards,security benchmark standards,it audits,virtual,user acceptance testing,mdm,crowdstrike,qualys/nessus,positive work environment,hardware,endpoint security,risk projects,enterprise vision and standards,ios,endpoint hardening,non-technical policy-based skillset,alpha testing,virtualization,vulnerability,proactive vulnerability analysis,security framework standards,industry certifications,mobility infrastructure,application packaging,desktop infrastructure,documentation,5+ years experience,sandboxing technologies,powershell interpretation,security,pci compliance,corporate policy adherence,it teams collaboration,cve vulnerabilities,extensive testing,vulnerability remediations,hardware vulnerability analysis,bachelors,windows,applications,business continuity