Senior Consultant, Application Security - job 1 of 2

JOB DUTIES:  Assess the security and compliance of various types of client applications and supporting infrastructure against regulatory and industry requirements and standards, as well as security best practice frameworks using knowledge of Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and Mobile); Security principles, policies, and industry best practices; compliance frameworks (PCI DSS, FedRAMP, HIPAA); testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST; Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard). Test computer programs and systems, including coordinating security tests in a team setting.  Conduct Application Penetration Testing (Browser-based, API, Mobile, IoT), Threat Modeling, and Source Code Reviews. Develop, document, and revise test procedures and quality standards for computer IT security systems.  Use computers in the analysis of security risks, such as exploitable vulnerabilities.  Write reports regarding client security as well as making recommendations for improvements and communicating them to the client.  Confer with clients regarding the nature of known security risks and mitigating controls. Train staff and users to work with computer systems and programs related to IT security. Provide staff and users with assistance solving computer-related security problems, such as malfunctions and program problems.  Use and review code in object-oriented programming languages, as well as client and server applications development processes and multimedia and internet technology regarding security risks.  Review and analyze computer printouts and performance indicators to locate code problems and communicate problems to developers.

RATE OF PAY: $143,500.00 to $148,500.00 per year. The employer will pay or exceed the prevailing wage, as determined by the U.S. Department of Labor

REQUIREMENTS: Bachelor of Science in Comp Science/Systems Engineering, Information Systems/Assurance, Cybersecurity, or closely related field and five (5) years of experience in the position offered or as an Information Security Analyst.  Experience must include at least five years’ working knowledge of:  Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and Mobile); Security principles, policies, and industry best practices; compliance frameworks (PCI DSS, FedRAMP, HIPAA); testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST; Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standards).  Position is eligible to telecommute 100% of work schedule. Domestic travel requirement of up to 10% of work schedule

LOCATION OF EMPLOYMENT: 330 N Wabash Ave, Suite 1430, Chicago, IL 60611.  Position is eligible to telecommute 100% of work schedule.