Senior Security Engineer

    • Chicago, IL

Position Summary
The Information Security department of Spencer Stuart, a leading international management consulting firm specializing in senior-level executive search, is seeking an Information Security Engineer who has extensive experience in the research, design, analysis, testing and implementation of complex information security technologies. This person must be detail oriented and have the skills necessary to support, lead and drive complex information security projects across geographic and organizational boundaries. Candidate must be comfortable working in a fast-paced environment driving security best practices and technologies to support the protection of confidentiality, integrity and availability of key firm assets.

Principal Responsibilities

  • Design, communicate and deploy information security project deliverables on time, and to required quality to support service-based security goals -
  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues;
  • Use technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired
  • Deployment, operation and maintenance of systems consisting of perimeter security (next-gen firewalls, WAF), Intrusion Detection / Intrusion Prevention Systems (IDS/IPS), endpoint security (Anti-Malware, EDR), Security Information and Event Management (SIEM), Identity and Access Management (IAM) and vulnerability management.
  • Protect cloud-based architectures with AWS security tools, models and monitoring - IAM, Guard Duty, WAF/Shield
  • Maintain, support and build out security infrastructure around services currently operating in AWS and Azure
  • Partner with enterprise architecture, security architect, IT and business stakeholders to consult on broader firm wide initiatives that require security consulting expertise.
  • Work with the CISO and the Information Security team to define requirements and prototype solutions to support the enterprise information security roadmap.
  • Partner with the endpoint services and Service Desk teams to support the communication, deployment, and ongoing resolution of issues associated with security technologies and security incidents.
  • Partner with Spencer Stuart Development team to design and implement a Secure SDLC program to advance security principles within the development organization

Mandatory Working Experience
  • 8+ years of information security experience required.
  • 5+ years of experience in the configuration, testing, deployment and management of enterprise security software technologies.
  • 5+ years of experience with IAM platforms and concepts
  • 5+ years of active directory / LDAP experience.
  • 3+ years experience designing security architectures and managing security tooling in a cloud environment (preferably AWS).
  • A college or university degree and / or relevant work experience in the area of information security is required.
  • Self-starter & team player
  • Excellent analytical skills and attention to detail
  • Excellent oral and written communication skills
Mandatory Qualifications
  • Expert-level experience with configuring, implementing and managing security technologies such as anti-malware, system hardening, vulnerability management, intrusion detection/prevention, firewalls, security assessment utilities, and content filtering utilities, etc.
  • Advanced understanding of security design and operations in Amazon and Microsoft cloud platforms.
  • Strong understanding of network protocols and major operating systems
  • Strong knowledge of the indicators of compromise and what constitutes a targeted cyber- attack.
  • Strong understanding of SIEM architectures with specific experience with Splunk
  • Knowledge of DLP (Data Loss Prevention) technologies
  • Knowledge of IDS (Intrusion Detection System) technologies
  • Knowledge of web filtering and proxy technologies
  • Knowledge of vulnerability management best practices
  • Knowledge of common scripting languages such as, VB, Python, Powershell, BASH, & Perl
  • Knowledge of incident response and handling protocols and methodologies.
  • Knowledge of Agile development, Secure Software Development Life Cycle and DevSecOps
Key Working Relationships
  • Reports to Chief Information Security Officer
  • Information Security Team
  • Enterprise Architecture Team
  • IT Operations and Development Team(s)
  • Senior Business Subject Matter Experts
  • External Contractors

Spencer Stuart is an equal opportunity and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity

Back to top