at Crowe LLP in Chicago, Illinois, United States
Job Description
Your Journey at Crowe Starts Here:
At Crowe, you have the opportunity to deliver innovative solutions to today's complex business issues. Crowe's accounting, consulting, and technology personnel are widely recognized for their in-depth expertise and understanding of sophisticated process frameworks and enabling technologies, along with their commitment to delivering measurable results that help clients build business value. Our focus on emerging technology solutions along with our commitment to internal career growth and exceptional client value has resulted in a firm that is routinely recognized as a "Best Place to Work." We are 75 years strong and still growing. Come grow with us!
Job Description:
Kodiak Software Security Engineer
Overview:
The Information Security Engineer is responsible for designing, implementing, and maintaining security measures within an organization. They work with the MSSP to monitor networks, investigate incidents, and collaborate with IT teams to ensure robust security practices. The Information Security Engineer contributes to technology projects, creates and updates security standards and policies. The Information Security Engineer assesses the information security program in relation to applications and systems, identifying strengths and weaknesses and providing feedback to technology teams to enhance the firm's overall security posture.
Responsibilities:
* Collaborate with development teams to identify potential security threats and vulnerabilities in software designs.
* Conduct risk assessments to prioritize security efforts and allocate resources effectively.
* Research relevant software security technologies for potential improvements / best practice application.
* Promote secure coding practices within the development teams.
* Work with product engineering to design and implement secure architecture patterns for cloud-based applications that are both resilient and secure.
* Work with product engineering to ensure security testing, including static analysis, dynamic analysis, and penetration testing.
* Validate security controls and configurations in Azure environments.
* Mitigate security incidents promptly and effectively.
* Ensure product compliance with industry standards and regulatory requirements.
* Research relevant security news topics to maintain understanding of current security threats, methodologies and potential risks to the firm.
Qualifications:
* Advanced understanding of software security architecture fundamentals is required (Infrastructure, Azure, AWS, Operating Systems, Virtualization, Networking Concepts, Commands and Scripting, Network Security, Operational Security, Threats, Host Security, Access Control, Cryptography, etc)
* Technical knowledge of vulnerability assessment and exploitation, and practical experience with risk analysis and mitigation strategies are necessary to perform security testing, and to work with other stakeholders to design effective remediation plans.
* Expertise with Azure Governance and Compliance utilizing Azure Policies, Initiatives, and Blueprints
* Expertise in programming languages such as Python, C#, or Java and scripting languages such as Bash or PowerShell
* Expertise in configuration management tools such as Ansible, Chef, or Puppet, and orchestration tools such as Kubernetes, Docker, or Terraform
* Expertise in CI/CD tools such as Jenkins, Azure DevOps, Github Actions, and Git for version control.
* Expertise in testing tools such as Selenium, JUnit, or PyTest, and code quality tools such as SonarQube, Qualys, and Invicti
* Expertise in security tools and frameworks such as NIST, ISO, OWASP, SANS, or CIS
* Maintain awareness of threat actors and attack trends, as well as those specific to the firm, to identify risks and provide recommendations to management in response to changing threat landscape.
Requirements:
* Bachelor's degree in Computer Science, MIS, Information Systems, or equivalent experience
* Graduate degree and /or relevant certification(s) desired
* 7 years in Information Security role
* Travel maybe required to perform job/project duties
* As required, work after-hours
We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Crowe, it is not typical for an individual to be hired at or near the top of the range for their role... For full info follow application link.
EOE M/F/D/V
