Cybersecurity Engineer

Job Title: Cybersecurity Engineer
Location : Chicago IL (hybrid; 3 days a week in office)

Job Description

Cybersecurity engineers are responsible for understanding and contributing to Security by Design practices, secure application software development lifecycle practices, security testing and assessment, and the integration of Security with DevOps. This role is responsible for security engineering of the cloud (AWS, Azure) environments and vulnerability management of both Infrastructure as Code (IaC) and application development (SAST/DAST). Engineers will spend their time helping development teams identify and track security risks to remediation while embracing concepts of agile delivery and DevOps.

Position s Contributions to Work Group:

Software engineer is the one who cares the most about their application. As a Senior Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level and act a trusted partner in their mission to deliver solutions securely.

You will be responsible for delivering a suite of security services according to internal processes and standards, including:

1. Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
2. Engineering Consulting Serving as a best friend to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
3. Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
4. Security Test Onboarding & Management Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
5. Maturity Measurement Consulting with software engineers on practices which will improve their application s security maturity according to scorecards and maturity models established by Cat Digital.
6. Correction of Error Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.

Thanks and Regards
Eshant Sharma

Disclaimer: Wise Equations Solutions Inc; provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. We especially invite women, minorities, veterans, and individuals with disabilities to apply. EEO/AA/M/F/Vet/Disability