What are the responsibilities and job description for the Lead IT Security Engineer position at Dexian?
Job Summary:
Dexian is seeking a Lead IT Security Engineer for an opportunity with a client located in Chicago, IL.
Responsibilities:
- Research, design, evaluate, and test the security of applications, systems, and networks to ensure the operational effectiveness of technical controls implemented by the organization, including purpose-built security tools such as data loss prevention, logging and event management, and enterprise encryption systems, as well as security controls embedded in enterprise systems and applications such as authentication and access controls
- Responsible for the effective use of cybersecurity systems including enhancements, upgrades, and lifecycle management through relationships with product and service vendors
- Ensure the technical integration of security components within the company to optimize the value and control benefits including ease of use, effectiveness, and breadth of coverage
- Assess technical risks in the company both pre and post-production through the Software Development Lifecycle (SDLC) and Change & Release Management Boards; communicate identified risks and recommend solutions
- Manage the research, appropriate response, and remediation of malicious and inappropriate activity; ensure consistency of the risk assessment approach across the organization
- Support policy updates; research and recommend changes to maintain strong security posture relative to enterprise architecture standards, cloud strategy, and AI implementations
- Manage continuous process improvement to identify technical or process enhancements in the delivery of IT Security services to increase service quality
- Prioritize improvements on a cost/benefit basis, communicating opportunities to management
- Serve as backup and/or escalation point in the fulfillment of IT Security service requests
- Manage IT Security-led projects following applicable project governance processes, including Software Development Life Cycle; ensure successful project outcomes, such as completing projects within time and budget tolerances
- Support new software, data, and service provider product and contract reviews
Requirements:
- Minimum 10 years engineering/design experience with a mix of the following security platforms is required: network and application-layer firewalls and secure network design; infrastructure and application-layer vulnerability management; security information and event management (SIEM); Security Orchestration, Automation and Response (SOAR); data loss prevention (DLP); enterprise encryption solutions for database, file systems and data in motion; Internet/Web Gateway; endpoint security controls (such as anti-virus, anti-malware, XDR, host-based firewall, and full disk encryption solutions); and intrusion detection and prevention systems. Knowledge of attack and penetration methodologies, tools, and techniques
- Minimum 5 years conducting infrastructure and application project design reviews; engineering/design experience with a mix of infrastructure technologies
- Working knowledge of security scanning and analysis tools: commercial application and infrastructure/operating system and open-source vulnerability scanning/management, and freeware/commercial tools (Wireshark, NMAP, Burp Suite, Nikto, Qualys, Tenable, Snyk, Wiz)
- Security within a Microsoft environment is required
- Palo Alto experience is highly preferred but not required
- Polished verbal and written communication, interpersonal, analytical, and organizational skills, attention to detail, and a high level of integrity are required
- Strong business acumen. Ability to understand the organization's various business functions and their objectives
- Professional IT Security and IT Audit certifications such as CISSP, CISM, CEH, CISA, and/or technical certifications preferred
- Experience with IT security standards, such as CIS Top 20, ISO 27001, NIST CSF, NIST 800-53, HITRUST, MITRE, OWASP, CWE/SANS Top 25 Programming Errors, attestation reports such as SOC 1/2/3, and technology risk management methodologies such as NIST 800-30, preferred
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.
Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.
Salary: $140,000 - $160,000