Offensive Security Engineer

| Chicago | Remote
Sorry, this job was removed at 6:10 p.m. (CST) on Monday, April 24, 2023

What You'll Be Doing

    • Responsible for conducting and coordinating penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, developing corrective action recommendations, and summarizing and reporting results.
    • Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology.
    • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection.
    • Perform manual penetration testing of web applications, APIs, and internal and external networks.
    • Coordinate external penetration and web application scanning activities.
    • Document in detail the results of assessments, audits, tests, and verification activities.
    • Perform manual validation of vulnerabilities.
    • Defining, maintaining, and implementing application security best practices to meet HITRUST and other security requirements.
    • Providing guidance to Engineering teams during design reviews, including threat modeling.
    • Develop and maintain the Information Security team's threat models/profiles.
    • Coordinate and facilitate tabletop exercises.
    • Evaluating the impact on the organization of current security advisories, publications, and trends.
    • In partnership with the Security Architect, review web applications, source code, operating systems, and network security architectures to identify vulnerabilities and define effective strategies for remediation and hardening.
    • Explaining and demonstrating vulnerabilities/findings to product stakeholders, providing remediation steps, and designing solution prototypes and/or implementing security enhancements.
    • Participating in building and maturing security capabilities and operations.
    • Participating as a key member of the Incident Response team and serving as a web application and network security SME focused on determining impact, root cause, and resolution when needed.
    • Identifying, vetting, and coordinating third-party vendors in meeting third-party application security testing requirements.


What You'll Bring

    • A passion for security and an attacker mindset.
    • 3+ years of proven code review and penetration testing experience in both web applications and infrastructure; finding vulnerabilities and defining effective strategies for remediation and hardening.
    • Experience testing and securing infrastructure on cloud providers such as AWS/Azure.
    • Applied Secure SDLC knowledge.
    • Experience with static and dynamic code analysis.
    • Strong scripting and development skills in languages such as Java, JavaScript, Ruby, Python, etc.
    • Security certifications such as OSCP, OSCE, OSAP, eCPPTv2, PNPT.
    • Ability to write formal assessment reports and to explain vulnerabilities to different stakeholders.
    • Knowledge and understanding of attack surfaces for enterprise systems and services.
    • Solid understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.
    • Solid understanding of the OAuth 2.0 authorization flow, JWT, and how to identify and exploit common vulnerabilities in web-based applications and network environments.
    • Self-starter with the ability to work independently, interface with multiple teams, and willingness to overcome challenging problems while identifying opportunities for improvement.


Would Love For You To Have

    • Experience threat modeling SaaS products, cloud infrastructure, RESTful microservices, etc.
    • Significant hands-on penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, cloud infrastructure, etc.
    • Experience with a variety of open-source and commercial testing tools in areas such as web interception proxies, packet capture, debugging, and API interaction.
    • Understanding of hashing, encryption, and hash cracking technology.
    • Experience developing exploits and adding functionality to open-source tools.
    • Applied security research, cryptography, reverse engineering, and fuzzing experience.
    • Additional certifications such as OSWE, GPEN, GXPN, CREST, OSEP, CRTO, or BSCP will be very desirable.
    • Experience in vulnerability management within containerized environments.
    • Strong SaaS and cloud security skills, with a focus on AWS.
    • Understanding of common Microsoft Active Directory/Azure AD environment security and related vulnerabilities.
    • AWS Certified Solutions Architect, AWS Certified Security Specialist or similar certifications preferred, CCSP or CISSP.


What You'll Get

    • You will work with a team of experts in building and maintaining a highly validated security and privacy program for the leader in Population Health and Healthcare data.
    • Be a part of a team and organization that has built security and privacy into the fabric and culture of the organization.
    • Your responsibilities will grow with you as a critical member of our team.
    • Be a part of a mission-driven company that is transforming the healthcare industry by changing the way patients receive care.
    • The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform.
    • Become an expert in all elements of securing clinical and claims healthcare data in the cloud.
    • A flexible, remote-friendly company with personality and heart.
    • Employee-driven programs and initiatives for personal and professional development.
    • Awesome work environment.
    • Competitive compensation/benefits package.
    • Great benefits like flextime time off.


About Arcadia
Arcadia.io helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health. We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website, our online resources, and our interactive Data Gallery.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.


Technology we use

    • Languages: Elixir, Java, JavaScript, Python, Ruby, Scala, SQL, TypeScript
    • Libraries: jQuery, jQuery UI, React, Redux
    • Frameworks: Angular.JS, Docker, GraphQL, Hadoop, Kafka, Kubernetes, Node.js, Ruby on Rails, Spark, TensorFlow
    • Databases: Cassandra, Hive, MongoDB, NoSQL, PostgreSQL, Snowflake, Hadoop, SQL
    • Services: AWS (Amazon Web Services), GitHub
    • Analytics: Google Analytics
    • Design: Illustrator, Photoshop, Pixelmator
    • Management: Asana, Confluence, JIRA
    • CMS: Wordpress
    • CRM: HubSpot, Salesforce
    • Email: HubSpot
    • Lead Gen: HubSpot

Location

The Rockford office is in an office building in EdgebrookShops - a shopping center with locally owned businesses and restaurants. Edgebrook offers a unique blend of eclectic boutique shops, excellent restaurants, convenient service-oriented businesses, and seasonal events.

An Insider's view of Arcadia

What's something quirky about your company?

Arcadia's Got Talent (AGT) is an annual talent show that I won last year. The best part about AGT was that it encouraged me to work on something I am passionate about outside of work. All of the entries were amazing & I think it's really awesome that the company does things to bring people together and celebrate our passions outside of the office.

Gary

Engineering Manager

What does your typical day look like?

Every day is a little bit different, which I really love and helps keep me engaged! Most days I have a combination of phone screens and meetings with my hiring managers or team. I also help manage a lot of our brand partnerships that have projects throughout the year and play a part in helping construct Arcadia's company culture as we scale.

Julie

Talent Acquisition Manager

How do you make yourself accessible to the rest of the team?

It's as easy as making time. I meet with my team members for one-on-ones to understand where their stressors are. Sometimes it's personal and I support with flexibility, time, or PeopleOps; other times it's professional, and these I tactically work with the team to coach or intervene.

Geo

Director, Engineering

How does the company support your career growth?

Arcadia is incredibly generous when it comes to career growth. I receive regular mentorship from my manager and leadership team. I also have a continuing education stipend that I use to take courses and attend conferences to further my skillset. My career path is mapped out and regularly adjusted with my professional interests and personal growth.

Mike

Senior Manager, Content

What are Arcadia Perks + Benefits

Arcadia Benefits Overview

We offer industry leading benefits including unlimited vacation that Arcadians are able to use to ensure their work life balance.

Culture

    • Volunteer in local community
    • Partners with nonprofits
    • Open door policy
    • OKR operational model
    • Pair programming
    • Open office floor plan
    • Flexible work schedule
    • Remote work program

Diversity

    • Highly diverse management team
    • Mandated unconscious bias training
    • Diversity manifesto
    • Diversity employee resource groups
    • Hiring practices that promote diversity

Health Insurance & Wellness Benefits

    • Flexible Spending Account (FSA)
    • Disability insurance
    • Dental insurance
    • Vision insurance
    • Health insurance
    • Life insurance
    • Pet insurance
    • Wellness programs
    • Team workouts
    • Mental health benefits

Financial & Retirement

    • 401(K)
    • 401(K) matching
    • Performance bonus

Child Care & Parental Leave Benefits

    • Generous parental leave
    • Family medical leave
    • Company sponsored family events

Vacation & Time Off Benefits

    • Unlimited vacation policy
    • Generous PTO
    • Paid holidays
    • Paid sick days

Office Perks

    • Company-sponsored outings
    • Free snacks and drinks
    • Some meals provided
    • Company-sponsored happy hours
    • Onsite office parking
    • Pet friendly
    • Fitness stipend
    • Home-office stipend for remote employees

Professional Development Benefits

    • Job training & conferences
    • Tuition reimbursement
    • Lunch and learns
    • Promote from within
    • Continuing education available during work hours
    • Online course subscriptions available
    • Customized development tracks
    • Paid industry certifications

Additional Perks + Benefits

At Arcadia we create programs and opportunities that allow connection with one another and bridge the work from home gap. We host themed events, contests with prizes, and provide resources for shared personal and professional interests.
