Manager Security Penetration Testing at OCC

| Chicago
Sorry, this job was removed at 12:18 p.m. (CST) on Tuesday, July 7, 2020
Find out who's hiring in Chicago.
See all Developer + Engineer jobs in Chicago


Working closely with other members of the Security Services, IT Development Team and Quality Assurance teams, to lead application and software security initiatives, projects, and operations. Responsibilities include the development and implementation of security best practices in the software development life cycle (SDLC), guiding application teams in the development of secure applications, and integrating custom and commercial software with security infrastructure to support the confidentiality, integrity and availability of enterprise applications.

Ability to think with a security mindset. The successful candidate has a strong information security and technology background with in-depth knowledge of several key security practice areas to include access control; privileged access management; application security; identity and access management; data security and governance; network security; security architecture; mobile security and various cloud-based security strategies.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

Conduct security review of technical architecture designs of systems and application.

Suggest security controls and practices to be integrated in the SDLC phases and participation in Security Assurance SDLC activities and toll gates.

Creates clear and concise reports of security analysis for SDLC artifacts and security review during change management process.

Collaborate and brainstorms with security assurance team on new information and security technologies in areas of application and application infrastructure components and propose ideas for new security service development

Develop, implement and execute control activities to ensure that security products, processes and procedures are working as intended; remediate any deficiencies detected; provide documentation and other artifacts.

Develop and collect metrics that measure the volume and trends of work activities and events within the security operations capability; provides regular reports to management.

Explores opportunities for updates to security assurance policies and standards

Coordinate development and periodic review of Security controls, policies and procedures in close coordination with Security managers.

Coordinate self-testing of Security controls and processes.

Coordinate execution of continuous testing roadmap exercises.

Assist in the remediation of security engineering vulnerability findings.

Manage the development of training on security best practices for application developers, architects and testers and coordinate the execution of training plans.

Work with development team and Q/A to create development lifecycle documentation, provides integrated systems planning which will enhance current systems and support corporate, business and system goals.

Participate in the change management process, able to evaluate the security impact, suggest controls and make conclusions to approve or reject the change requests.

Lead in designing penetration testing strategy and plan along with the testers.

Review reports of the testing and conduct security risk assessment of the findings.

Assist in risk prioritization of security vulnerabilities.

Conducts code scans using automated tools and risk rate the vulnerabilities according to the organization risk profile and mitigating controls.

Conduct security review of the baseline and proposed configuration changes to the baseline of devices and applications. Includes research on NVD, potential surface area for risk exposure and validation of controls.

Supervisory Responsibilities: Small Team


The requirements listed are representative of the knowledge, skill, and/or ability required.

Highly motivated individual that assumes ownership of their projects

Must have a deeply inquisitive nature

Ability to act as a liaison between security and the development, IT and QA teams.

Strong desire and capacity to learn and support new technical applications

Exceptional verbal communication skills that include the ability to articulate ideas clearly and concisely

Excellent listening skills

Ability to facilitate meetings and conversations

Ability to write clear and concise documentation including technical specifications as well as business oriented approaches and process descriptions

Highly collaborative – comfortable sharing ideas and asking questions with all levels of staff

Ability to work both independently or on a team with tight timelines and minimal supervision

Security industry knowledge preferred.

Technical Skills:

Experience with Java programming including Java Servlets, JSP, J2EE, Spring.

Experience with J2EE applications and infrastructure including IBM WebSphere Application Server, WebSphere Portal, BEA Weblogic solutions and development.

Familiarity with application frameworks and their built-in security services and API’s (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)

General knowledge of scripting languages (Python, etc.)

Knowledge of security architecture design and principles including confidentiality, integrity and availability.

Automated code scanning tools and development pipeline tools

Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (e.g. OWASP).

Familiarity with application authentication and authorization systems (i.e., CA SiteMinder, RSA SecurID/ACE, NS Active Directory and LDAP)

General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)

Fundamental understanding of network and data communications technologies

Knowledge of security in Cloud concepts

Knowledge of Secure DevOps concepts

Education and/or Experience:  

Bachelors degree in Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experience

Two or more years of security assurance experience.

Experience with SDLC and working with business users, database analysts, system architects, etc., to identify and prioritize requirements.

Exposure to security architecture design through application development or knowledge of security concepts/best practices. 

Previous work in development, architecture or quality assurance testing may be applicable to the position requirements. 

Certificates or Licenses:

Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC)

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • C++Languages
    • JavaLanguages
    • JavascriptLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • ScalaLanguages
    • SqlLanguages
    • SwiftLanguages


Adjacent to the Willis Tower, close to CTA, Metra and expressways with plenty of food and entertainment options nearby.

An Insider's view of OCC

What are some social events your company does?

Monthly happy hours, summer and winter outings and cultural celebrations to honor our diverse workforce.


Director, Diversity and Inclusion

What are OCC Perks + Benefits

OCC Benefits Overview

Educational Assistance and Student Debt Forgiveness, 12-week paid parental leave, technology stipend up to $2,000, mobile data reimbursement of $35 per month. Open offices, online health coaching.

Volunteer in local community
Each year, OCC employees select a locally-based charitable organization for each of our three offices (Chicago, Dallas and Washington, D.C.). We offer multiple opportunities to get involved.
Friends outside of work
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Open office floor plan
Dedicated Diversity/Inclusion Staff
Someone's primary function is managing the company’s diversity and inclusion initiatives
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Retirement & Stock Options Benefits
401(K) Matching
OCC provides employees with a 401(k) matching plan managed by Fidelity. We match 50% of contributions up to 6% of an employee's annual gross pay.
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Flexible Work Schedule
OCC provides employees with a flexible work schedule that includes Flexible start and end times.
Vacation & Time Off Benefits
Generous PTO
OCC employees receive between 22 and 32 days per year of paid time off based on years of service.
Paid Volunteer Time
Our employees receive 8 hours per year of paid volunteer time.
Eligible employees get 30 days of paid sabbatical after their first 10 years of working at the company.
Paid Holidays
Perks & Discounts
Commuter Benefits
OCC Offers pre-tax commuter benefits for employees in Chicago and Washington, D.C.
Happy Hours
Happy hours are hosted Once per month.
Relocation Assistance
OCC offers relocation assistance which varies based on the position level and location.
Professional Development Benefits
Job Training & Conferences
OCC offers employees professional development opportunities including onsite training courses and the ability to attend job related certification courses, conferences and seminars.
Tuition Reimbursement
Our tuition reimbursement plan offers an annual max of $1000.
Lunch and learns
OCC hosts leadership lunches on a regular basis so you can learn about your colleagues and their unique backgrounds.
Cross functional training encouraged
Promote from within
Online course subscriptions available
Customized development tracks
Paid industry certifications
Employees are strongly encouraged to stay current in relevant technologies and supports certification programs.
More Jobs at OCC12 open jobs
All Jobs
Data + Analytics
Design + UX
Dev + Engineer
Data + Analytics
Design + UX
Data + Analytics