Security Engineer in Lake Forest, IL at Interactive Business Systems

Date Posted: 8/2/2018

Job Description

Major purpose: This position will perform day-to-day application security duties to support Grainger’s efforts to increase and improve our security posture across various application platforms. Position will have a direct impact on expanding and maturing Grainger’s application security program. Position will be a member of the Security Engineering team and will work directly with development resources.

Major responsibilities and duties:

• Define application security strategies and procedures

• Define and maintain operational processes to ensure expected software development results

• Research, recommend, evaluate, integrate, deploy and tune security tools including static and dynamic application security testing suites

• Develop and maintain security utilities and provide metrics dashboards/reports helping development teams with compliance visibility and tracking

• Evaluate software security technologies and products, and review existing technologies to ensure value and relevancy

• Augment the Continuous Integration and Continuous Deployment pipeline to include security controls

• Perform code audits on internal and open source libraries for use within our products

• Triage and remediate reported security issues

• Provide forensic analysis and remediation during application related incidents

• Conduct developer security awareness training and provide technical leadership and mentorship

Requirements:

• 5 years or more of related hands-on Java coding with secure product development experience (Also desired: JavaScript, C#, C++, Objective-C, Swift)

• 2 or more years of application security experience, including a thorough understanding of issues detailed in the OWASP Top 10 and CWE Top 25

• Experience with DevOps/SecDevOps strategies is desired

• Deep understanding of information security principles as well as Defense-in-Depth strategies

• Practical experience with product development teams in a security engineering role is preferred

• CI/CD experience and security through automation is highly desirable

• Ability to conduct application security assessments and conduct vulnerability remediation of applications and services

• Demonstrate the ability to exploit and mitigate application related vulnerabilities

• Proficiency in performing risk, business impact, control and vulnerability assessments

• Ability to provide detailed security data analysis identifying inconsistencies and abnormal behavior

• Ability to clearly explain security issues found and ensure actions are clear to those responsible for remediation

• Experience developing, maintaining and administering authentication systems

• Optional: Strong understanding of cryptography related to application programming and data protection (encryption, hashing, PKI, key management, etc.)

• Practical experience conducting web application security reviews and network-based penetration testing

• Ability to adapt to changes in priority to meet security needs of a highly agile security organization