Information Security Engineer
Security Engineer, Intermediate
We are looking for a Security Engineer to join our Information Security team in our Chicago, IL, office. As a member of the Info Sec team, you’ll help maintain the security posture of OneMain applications, services, and infrastructure in order to protect against security threats including intrusions, malware, system-level breaches, unauthorized access, insider attacks, and loss of proprietary information.
What we will want you to do:
Collaborate with IT and business groups in developing and implementing solutions which meet information security standards Assess existing architectures and systems for opportunities to improve overall security Implement and manage security appliances and tools including network firewalls, WAF, vulnerability scanners, SIEM, IDS, IPS, etc Write code to automate security functions wherever possible, including contributing to internally developed and/or open source security tools Work with IT / Software Engineering teams to remediate vulnerabilities Automate security scanning as part of application development’s continuous integration pipeline Assess risk of changes for the impact to our security Approve access to restricted systemsRespond to computer security incidents according to company policyDevelop alerting capabilities for new and emerging threats across our infrastructureProactive research to identify and understand new threats, vulnerabilities, and exploitsPerform security scans of the network devices and systems
Skills or Experience we want you to have:
- BS/MS in Computer Science, Mathematics, or related field
- Expert level skills with UNIX, Linux, and/or Windows.
- Ability to program effectively in at least one language such as Python, Ruby, or Java
- Skills with application security testing tools such as Burpsuite, SQL MAP, Metasploit.
- Great ability to communicate with developers
- Interest in both breaking and building
- Ability to listen for nuances and dig into details in order to understand systems
Bonus points if you have:
- OSCP or similar certification
- Bug bounty experience
- Experience working in Financial Services industry