Principal, Security Implementation

| Chicago

Summary

 As a Principal, Security Implementation Lead you will be part of a team responsible for analyzing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities with respect to The OCC environment.

You would be a good candidate for this role if you like:

  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
  • Work very closely with other product owners and development leads of other scrum teams to influence and prioritize security remediation effort for delivery
  • Manage the security vulnerabilities across the enterprise for Open Source Libraries and track the remediation plan for identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Learning about new technologies and their secure implementation and build remediation strategy for open source libraries
  • Capturing security vulnerabilities, building remediation, and assisting product teams to remediate these.
  • Researching problems and solving the root cause instead of just the current symptoms
  • Sharing your knowledge with others

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
  • Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
  • Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)
  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
  • Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
  • Other job-related duties as assigned.
Supervisory Responsibilities:

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
  • Self-starter – takes the initiative to research, learn and deliver. Anticipates the play.
  • Team player – humble, collaborative, and focused on making sure the entire team succeeds.
  • Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:

  • Knowledge and experience with Security scanning tools such as Black Duck and Veracode
  • Knowledge of different tools. delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • Knowledge of Product Owner role. Product Owner certification is a plus.
  • Practicing Knowledge of Kanban / Scrum team mechanics with hands-on experience
  • Certification of some type of Project / Program management is a plus.
  • A total experience in technology and security landscape for 11 to 15 years is required.
Education and/or Experience:
  • Bachelor’s or Master’s Degrees in Computer Science, Information Systems or other related field. Or equivalent work experience.
Certificates or Licenses:

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • C++Languages
    • JavaLanguages
    • JavascriptLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • ScalaLanguages
    • SqlLanguages
    • SwiftLanguages

Location

Adjacent to the Willis Tower, close to CTA, Metra and expressways with plenty of food and entertainment options nearby.
Why Open Communication and Transparency From the Top Matter to This OCC Leader
Watch

An Insider's view of OCC

What are some social events your company does?

Monthly happy hours and cultural celebrations to honor our diverse workforce.

Andre

Executive Director, Talent Acquisition

What are OCC Perks + Benefits

OCC Benefits Overview

Educational Assistance and Student Debt Forgiveness, 12-week paid parental leave, technology stipend up to $2,000, mobile data reimbursement of $35 per month. Open offices, online health coaching.

Culture
Volunteer in local community
Each year, OCC employees select a locally-based charitable organization for each of our three offices (Chicago, Dallas and Washington, D.C.). We offer multiple opportunities to get involved.
Friends outside of work
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Open office floor plan
Diversity
Dedicated Diversity/Inclusion Staff
Someone's primary function is managing the company’s diversity and inclusion initiatives
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Retirement & Stock Options Benefits
401(K)
401(K) Matching
OCC provides employees with a 401(k) matching plan managed by Fidelity. We match 50% of contributions up to 6% of an employee's annual gross pay.
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Flexible Work Schedule
OCC provides employees with a flexible work schedule that includes Flexible start and end times.
Vacation & Time Off Benefits
Generous PTO
OCC employees receive between 22 and 32 days per year of paid time off based on years of service.
Paid Volunteer Time
Sabbatical
Eligible employees get 30 days of paid sabbatical after their first 10 years of working at the company.
Paid Holidays
Perks & Discounts
Commuter Benefits
OCC Offers pre-tax commuter benefits for employees in Chicago and Washington, D.C.
Happy Hours
Relocation Assistance
OCC offers relocation assistance which varies based on the position level and location.
Professional Development Benefits
Job Training & Conferences
OCC offers employees professional development opportunities including onsite training courses and the ability to attend job related certification courses, conferences and seminars.
Tuition Reimbursement
Our tuition reimbursement plan offers an annual max of $1000.
Lunch and learns
OCC hosts leadership lunches on a regular basis so you can learn about your colleagues and their unique backgrounds.
Cross functional training encouraged
Promote from within
Online course subscriptions available
Customized development tracks
Paid industry certifications
Employees are strongly encouraged to stay current in relevant technologies and supports certification programs.

Additional Perks + Benefits

We were just recognized as a best place to work for working parents! Take a look at our blog post here: https://www.theocc.com/Newsroom/Views/2021/04-26-OCC-Designated-as-Best…

More Jobs at OCC40 open jobs
All Jobs
Data + Analytics
Dev + Engineer
HR + Recruiting
Internships
Legal
Marketing
Operations
Product
Project Mgmt
Internships
new
Chicago
Internships
new
Chicago
Internships
new
Chicago
Internships
new
Chicago
Internships
new
Chicago
Developer
new
Chicago
Internships
new
Chicago
HR + Recruiting
new
Chicago
Operations
new
Chicago
HR + Recruiting
new
Chicago
Developer
new
Chicago
Developer
new
Chicago
Project Mgmt
new
Chicago
Operations
new
Chicago
Data + Analytics
new
Chicago
Data + Analytics
new
Chicago
Developer
new
Chicago