Associate Principal, Cyber Defense Engineer - Blue Team - Cloud

| Remote

OCC is seeking a Blue Team Security Engineer to increase OCC's AWS and cloud security posture to all threats against organization operations, assets, or individuals by engineering and/or assessing complex cloud-based computing environments. Work in collaboration with internal departments and system users. Demonstrate technical knowledge to proactively write documentation to comply with current standards. Provide senior level security technical expertise to the team. Grow and support the virtualization, cloud, and automation efforts.

Members of the Blue Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Blue Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy OCC’s preventative and detective controls.

The ideal team member will have extensive experience in more than one of the following security testing domains, but prefer experience in AWS/Cloud: Cloud, Web Application, Mobile Application, and Operating System. This candidate must be driven, a stellar communicator, enthusiastic and have the desire to stay ahead of today’s emerging threats and actor techniques.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

Conduct various activities such as:

Performing Cloud assessments, Cloud Security Engineering, Web Application Assessments, primarily in an AWS environment.

Understand vulnerabilities and effective remediation and mitigation techniques.

Perform security risk assessment, threat analysis and threat modeling.

Perform independent reviews of OCC’s security, cloud, network, applications, and cloud environments.

Plan/Design/Execute security related artifacts and activities.

Stay on-time, on-budget, and within scope of testing activities.

Develop clear detailed reports and recommendations based on concrete evidence.

Debrief users and provide remediation strategy on findings.

Ensure alignment of security controls in OCC’s testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices.

Assist management with the improvement of policy and procedure to support Security Testing and Blue Team activities as well as other security duties which may arise.

Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.

Adhere to the best practices and work for delivering secured and quality products.

Consult with technical experts and system owners on all aspects of Information Security and Compliance.

Work closely with Production Support staff, Incident Response, and IT infrastructure to increase organizational security posture.

Support OCC’s security objectives and remediation efforts relating to Security Assurance and Testing.

Supports and successfully completes Audits.

Participate in “Lessons Learned” process to provide information to help OCC improve practices, methodologies, tools, and other technologies.

Stay current on emerging technology trends and the threat landscape.

Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.

Train full-time and contingent Security Testing Blue Team personnel.

Support Security Assurance management and activities and be a Team Player.

Perform other duties as assigned.

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions

Cloud engineering and assessment experience, and training with focus on development of secure enterprise solutions, primarily in the Amazon Web Services (AWS) cloud.

High-energy, results driven person with an attention to detail.

Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions.

Exceptional tactical planning skills based on long-term strategic goals.

Exceptional verbal/written communication skills to be able to articulate ideas clearly and concisely.

Excellent listening skills.

Strong understanding of container technologies including engineering, development, and assessment

Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application

Web Application Assessments, Mobile Application Assessments, and Operating System Assessment.

Proven due diligence and research ability via open source avenues and technology.

Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies.

Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management

Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.

Strong knowledge of common enterprise infrastructure technology stacks and network configurations.

Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.

Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming languages.

Ability to facilitate meetings and conversations.

Ability to work with business users, understand their needs and translate those needs to the final project deliverables.

Desired:

Experience working on critical infrastructure in a regulated environment.

Cloud services experience in IaaS, PaaS, and/or SaaS, primarily in the Amazon Web Services (AWS) cloud.

Understanding of regulatory standards including one or more of the following NIST RMF/CSF, COBIT 5/2019 and others as needed. 

In depth system administration experience and knowledge, including operating systems, hardware, storage and networking, including system hardening standards such as the Center for Internet Security benchmarks

Corporate hands-on experience with scripting and coding, such as Python, PowerShell, Terraform, shell scripts, etc. preferred

Working knowledge or demonstrated experience with and corporate hands-on experience with configuration and implementation of IaaS / infrastructure as code, AWS cloud, Azure cloud or other similar cloud technologies highly desired

Knowledge and experience with automation, configuration, and deployment tools such as Terraform, Cloud Formation and configuration management tools such as Ansible

Knowledge and experience with DevOps, Kubernetes, GitHub, and Jenkins strongly desired

Technical Skills:

Excellent proficiency in cloud assessment and engineering, network, application, wireless and physical security.

Proficiency in cryptography.

Proficiency with security tools-of-the-trade (Kali, Armitage, Linux distros, MacOS, Rapid7, Core Impact, Metasploit, nMap, Qualys, Maltego, Burp Suite, ect.).

Experience with Windows, Unix, Cisco, platforms and controls.

Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).

Proficient in basic document management in a Microsoft SharePoint or other environments.

Experience with dedicated document management tools (e.g., DMS, PolicyTech) a plus.

Experience with using ServiceNow a plus.

Education and/or Experience:

BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university or equivalent experience

5+ Years’ experience cloud security engineering and assessment.

10+ Years’ experience in Information Assurance or Information Security environment.

Certificates or Licenses:

AWS Security-related certifications (AWS Certified Solutions Architect, AWS Certified Security Specialty, etc.) are highly desired.

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • C++Languages
    • JavaLanguages
    • JavascriptLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • ScalaLanguages
    • SqlLanguages
    • SwiftLanguages

Location

Adjacent to the Willis Tower, close to CTA, Metra and expressways with plenty of food and entertainment options nearby.

An Insider's view of OCC

What are some social events your company does?

Monthly happy hours, summer and winter outings and cultural celebrations to honor our diverse workforce.

Yemi

Principal, Diversity and Inclusion

What are OCC Perks + Benefits

OCC Benefits Overview

Educational Assistance and Student Debt Forgiveness, 12-week paid parental leave, technology stipend up to $2,000, mobile data reimbursement of $35 per month. Open offices, online health coaching.

Culture
Volunteer in local community
Each year, OCC employees select a locally-based charitable organization for each of our three offices (Chicago, Dallas and Washington, D.C.). We offer multiple opportunities to get involved.
Friends outside of work
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Open office floor plan
Diversity
Dedicated Diversity/Inclusion Staff
Someone's primary function is managing the company’s diversity and inclusion initiatives
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Retirement & Stock Options Benefits
401(K)
401(K) Matching
OCC provides employees with a 401(k) matching plan managed by Fidelity. We match 50% of contributions up to 6% of an employee's annual gross pay.
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Flexible Work Schedule
OCC provides employees with a flexible work schedule that includes Flexible start and end times.
Vacation & Time Off Benefits
Generous PTO
OCC employees receive between 22 and 32 days per year of paid time off based on years of service.
Paid Volunteer Time
Our employees receive 8 hours per year of paid volunteer time.
Sabbatical
Eligible employees get 30 days of paid sabbatical after their first 10 years of working at the company.
Paid Holidays
Perks & Discounts
Commuter Benefits
OCC Offers pre-tax commuter benefits for employees in Chicago and Washington, D.C.
Happy Hours
Happy hours are hosted Once per month.
Relocation Assistance
OCC offers relocation assistance which varies based on the position level and location.
Professional Development Benefits
Job Training & Conferences
OCC offers employees professional development opportunities including onsite training courses and the ability to attend job related certification courses, conferences and seminars.
Tuition Reimbursement
Our tuition reimbursement plan offers an annual max of $1000.
Lunch and learns
OCC hosts leadership lunches on a regular basis so you can learn about your colleagues and their unique backgrounds.
Cross functional training encouraged
Promote from within
Online course subscriptions available
Customized development tracks
Paid industry certifications
Employees are strongly encouraged to stay current in relevant technologies and supports certification programs.
More Jobs at OCC22 open jobs
All Jobs
Finance
Data + Analytics
Dev + Engineer
Internships
Legal
Operations
Project Mgmt
Sales
Data + Analytics
new
Chicago
Operations
new
Chicago
Developer
new
Chicago
Developer
new
Chicago
Sales
new
Chicago
Internships
new
Chicago
Developer
new
Chicago
Finance
new
Chicago