Lead Application Security Engineer
Ref No.: 17-11340
Location: Chicago, Illinois
Position Type: Right to Hire
Start Date: 11/22/2017
Position: Lead Application Security Engineer - Penetration Tester & Ethical Hacker
Location: Warrenville, IL or downtown Chicago
Start: ASAP
Type: 3 month contract-to-hire

Duties and responsibilities include, but are not limited to:
  • Deliver the following services:
    • Network Penetration Tests and Vulnerability Assessments
    • Application Penetration Tests and Vulnerability Assessments
    • Wireless Penetration Testing
  • 80% of work will involve hands-on pen testing for internally-developed applications
  • 20% of work will be in Program Management; working in collaboration with a Project Manager to establish security assessment processes and framework
  • Writing reports at the executive level, management level, and technical level
  • Potential need for the following services:
    • Telephone-based Social Engineering
    • E-mail Spear-phishing
    • Physical Penetration Testing
    • Wardialing
    • Reconnaissance
    • Static and/or dynamic code analysis
    • Forensics
Required Skills / Knowledge:
  • Written and verbal communication skills at executive, management, and technical levels
  • Knowledge of security threats, solutions, tools, and techniques
  • Good grasp of the COBIT framework
  • Understanding how security tools work at the technical level and not just how to run them
  • Experience with commercial and open source security tools, such as Burp Suite, Core Impact, OWASP ZAP, Metasploit and Cobalt Strike
  • Experience manually exploiting vulnerabilities, such as Cross Site Scripting, SQL injection, etc.
  • Passion, desire, and self-motivation for learning in the field of Information Security
  • Knowledge of .NET application development; experience performing pen testing within the Microsoft technology stack
Desired Skills/Knowledge:
  • Security Certifications: OSCP, OSCE, OSWP, GWAPT, CISSP, Security+
  • Experience executing assessments of solutions under a SaaS delivery model
  • Experience testing within an Azure environment
  • T-SQL experience under SQL Server
  • Experience creating custom tools from scratch
  • Programming or Scripting capabilities
  • Demonstrable passion for security, evidenced through such things as involvement in Capture the Flag events, CCDC events, and contributions to the community (articles, security-focused blog, security-focused GitHub page, etc.)