Cyber Security Analyst
Information Security Analyst Job 20 miles from Rolling Meadows
Job Title: Cyber Security Professional
Company: Richardson Electronics, Ltd.
Type: Full time/ON-SITE position
Job Responsibilities:
Monitor security alerts and events to identify potential security incidents.
Analyze security data from various sources, including intrusion detection systems (IDS), firewall logs, and antivirus reports.
Investigate and respond to security incidents, including malware infections, unauthorized access, and data breaches.
Perform root cause analysis to determine the source and extent of security incidents.
Perform remedial actions based on analysis.
Develop and maintain security incident reports, including incident details, response actions, and lessons learned.
Collaborate with other teams to remediate security vulnerabilities and weaknesses.
Keep up to date with the latest cybersecurity threats and trends.
Assist in the development and maintenance of security policies and procedures.
Participate in security awareness and training initiatives for employees.
Be on call for the MDR service as the main point of contact for any breaches.
Generate and present reports on security incidents and trends to management.
Develop and promote best practices for information security.
Develop standard operating procedures and playbooks to improve cybersecurity monitoring and incident response.
Manage internal tabletop cybersecurity exercises using the Immersive Labs platform.
Qualification Requirements:
Associate degree in a relevant field (e.g., Computer Science, Information Security) or 2 years of experience working in cybersecurity.
Strong understanding of cybersecurity principles, technologies, and best practices
Proficiency in security information and event management (SIEM) tools
Knowledge of intrusion detection/prevention systems (IDS/IPS), firewall technologies, and endpoint security solutions
Excellent analytical and problem-solving skills
Strong understanding of fundamental IT concepts, including operating systems, networking, and databases
Strong communication and teamwork skills
Preferred Technical and Professional Expertise
Experience with ManageEngine's Endpoint Central, EventLog Analyzer, and Vulnerability Management
Experience with Darktrace Cyber AI tool
Experience with Bitdefender AV & MDR+
Experience with Cisco Umbrella
Practical experience with TCP/IP networking
Working knowledge of routing and switching
About Richardson Electronics: Richardson Electronics, Ltd. is a leading global manufacturer of engineered solutions, power grid and microwave tubes, and related consumables; power conversion and RF and microwave components including green energy solutions; high-value replacement parts, tubes, and service training for diagnostic imaging equipment; and customized display solutions. More than 60% of our products are manufactured in LaFox, Illinois, Marlborough, Massachusetts, or Donaueschingen, Germany, or by one of our manufacturing partners throughout the world. All our partners manufacture to our strict specifications and adhere to our supplier terms and conditions. We serve customers in the alternative energy, healthcare, aviation, broadcast, communications, industrial, marine, medical, military, scientific, and semiconductor markets. The Company's strategy is to provide specialized technical expertise and “engineered solutions” based on our core engineering and manufacturing capabilities. The Company provides solutions and adds value through design-in support, systems integration, prototype design and manufacturing, testing, logistics, and aftermarket technical service and repair through its global infrastructure. More information is available at *************
Diversity, Equity, Inclusion and Belonging Commitment
Richardson Electronics is an international company with offices located throughout the world. We promote a culture where our employees feel welcome, respected and empowered to grow. We understand, respect and value the similarities as well as the differences of our employees as we do in our own families. We strive to be nurturing and open-minded and to create a genuine feeling of belonging. Our commitment to diversity, equity, inclusion and belonging creates a great place to work and an environment where our employees, our customers and the communities we serve can reach their goals and connect. Our effectiveness in maximizing and bringing together the talents of people of different backgrounds, experiences and perspectives is key to our continued global success.
Equal Opportunity Employer/Veterans/Disabled
*Must be authorized to work in the US.
Required postings:
Family Medical Leave Act (FMLA) **********************************************************
Employer Polygraph Protection Act (EPPA) *********************************************************
Equal Employment Opportunity (EEO) Know Your Rights ***********************************************************************************
Invitation to Self-Identify **************************************************************************************
Senior Security Operations Center (SOC) Analyst
Information Security Analyst Job 24 miles from Rolling Meadows
The Aspen Group (TAG) is one of the largest and most trusted retail healthcare business support organizations in the U.S. and has supported over 16,000 healthcare professionals and team members at more than 1,200 health and wellness offices across 46 states in four distinct categories: Dental care, urgent care, medical aesthetics, and animal health. Working in partnership with independent practice owners and clinicians, the team is united by a single purpose: to prove that healthcare can be better and smarter for everyone. TAG provides a comprehensive suite of centralized business support services that power the impact of five consumer-facing businesses: Aspen Dental, ClearChoice Dental Implant Centers, WellNow Urgent Care, Chapter Aesthetic Studio, and AZPetVet. Each brand has access to a deep community of experts, tools and resources to grow their practices, and an unwavering commitment to delivering high-quality consumer healthcare experiences at scale.
The Senior SOC Analyst is responsible for managing activities relating to monitoring and responding to security events. Additionally, this position will work closely with the SOC Manager on the development and oversight of the SOC program and maintaining operational efficiencies. The Senior SOC Analyst receives, researches, triages, and documents all security events and alerts as they are received. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as well as other internal business units and external customers/partners. Events will be generated from endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. The Senior SOC Analyst is an excellent communicator and is able to explain security concepts to both security and non-security personnel.
The Senior SOC analyst reports to the SOC manager and is an involved member of the SOC team. This role must display an in-depth understanding of new trends and technologies related to IT security and compliance and contribute to the company IT security strategy and roadmap.
Responsibilities:
As an active member of the team, monitor and process response for security events on a 24x7 basis.
Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
Participate in threat modeling collaboration with other members of the security team.
Automate repetitive tasks and drive efficiencies so the SOC can operate at high efficiency.
Assist with incident response as events are escalated, including triage, remediation, and documentation.
Manage security event investigations, partnering with other departments (e.g., IT) as needed.
Aid in threat and vulnerability research across event data collected by systems.
Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships.
Share information as directed with other team members and ISACs.
Seek opportunities to drive efficiencies.
Evaluate SOC policies and procedures and recommend updates to management as appropriate.
Develop metrics and scorecards to measure risk to the organization.
Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security, and data networking, to offer global solutions for a complex heterogeneous environment.
Maintain working knowledge of advanced threat detection as the industry evolves.
Perform other duties as assigned.
Skills & Experience:
Bachelor's degree in an Information Security-related field.
Required SANS GCIH or GCIA
CISSP certification a plus.
At least 5+ years of information security monitoring and response or related experience.
Experience working in a 24x7 operational environment, with geographic disparity preferred.
Experience driving measurable improvement in monitoring and response capabilities at scale.
Experience managing SIEM systems (Splunk ES preferred), threat intelligence platforms, SOAR solutions, IDS/IPS, and other security, network, and system monitoring tools.
Knowledge of a variety of Internet protocols.
History of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).
Highly effective communicator with ability to influence business units.
Analytical and problem-solving mindset.
Highly organized and efficient.
Leverages strategic and tactical thinking.
Works calmly under pressure and with tight deadlines.
Demonstrates effective decision-making skills.
Is highly trustworthy; leads by example.
If you are an applicant residing in California, please view our privacy policy here:
*********************************************************************************
Staff Engineer, Security Engineering
Information Security Analyst Job 24 miles from Rolling Meadows
Grubhub is seeking a seasoned Staff-level Software Engineer to design, develop, and maintain security infrastructure and tools to protect the company's platform and data. Grubhub is in growth-mode and we need standardized processes and tools that can be scaled across the organization, to ensure that security measures keep up with the pace of the business. You will work closely with cross-functional teams, including software engineering (FE + BE), IT, and SRE, to ensure our security practices are robust and scalable. Your expertise will help us achieve our goal of building secure, resilient, and efficient systems. A key part of your role will be to develop and maintain "paved roads" for security, creating standardized and streamlined paths that make secure practices the easiest and most efficient options for our teams. This role reports directly to the head of cybersecurity with broad latitude to work with both senior and new-grad engineers to make a measurable impact on Grubhub's security posture.
Your Impact
You will enhance the overall security posture of Grubhub by identifying and mitigating security defects proactively.
You will contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.
You will champion high-integrity + high-assurance outcomes in order to ensure the delivery of secure and trustworthy experiences.
You'll tangibly reinforce our #1 technology philosophy: “security first” by integrating security into the development process from the start, rather than as an afterthought.
What You Will Do
Identify lacking security-sensitive functionality in Grubhub's applications and services, translating those control gaps into actionable engineering remediation plans and solutions
Design, build, deploy and drive adoption of embedded security tooling in conjunction with internal services and platform teams
Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new security systems and technologies
Drive initiatives with outside teams to re-engineer existing services to ensure that Grubhub remains resilient against the latest security threats
Bridge security domain knowledge gaps through technical mentorship of a team of passionate engineers while also delivering uniquely challenging projects.
What we're expecting you to have
Bachelor's in Computer Science, Engineering or a related field
Professional experience of 8+ years in at least two security domains: web security (inclusive of APIs, backends, frontend and microservices), edge/perimeter security, mobile security, cloud security, systems security, or reverse engineering
7+ years of industry experience in a software development environment with expert-level proficiency in programming languages like Java, Python, or C++
Demonstrable experience developing libraries and frameworks that are pre-vetted for security, which developers can use to avoid common vulnerabilities.
Hands-on experience incorporating security checks and tests into the CI/CD pipeline so that every code change is automatically reviewed for security issues before it is deployed.
Demonstrable experience in conducting code reviews to identify security deficiencies in how business logic is implemented.
Experience designing, implementing, and deploying production-quality security engineering systems and incorporating security standards into supporting subsystems as needed.
Hands-on experience with middleware, message queues, caches, and other related technologies.
Strong experience in architecture design, high-availability, high-performance, distributed systems and working with 5x9/zero-downtime systems.
Demonstrable commitment to engineering and operational excellence (including development + monitoring of SLOs/SLIs to assure adherence to EOE standards), with direct experience in driving security outcomes within an engineering culture.
A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
Working familiarity with version control systems (Git), issue tracking tools (Jira) and ability to define + support your commitments within an Agile working model.
Ability to communicate ideas and proposals concisely to a wide range of audiences
Ability to author both technical and non-technical documentation on a continuous cadence.
Ability to fully participate in our on-call rotation as a service owner
What does a strong candidate have?
Master's (or Ph.D) in Computer Science, Engineering or a related field
A security industry-related certification such as Certified Information Systems Security Professional (CISSP) or Offensive Security Certified Professional (OSCP)
Knowledge of both iOS and Android architecture and development
Expert-level knowledge within identity and access management security domain, inclusive of role-based access controls, factors-based authentication and identity-based attack (both legacy and emergent) patterns.
Willingness to participate in incidents as needed as a security SME
Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
Prior experience leading the design or reconstruction of complex systems, preferably in e-commerce or retail-related fields.
Deep understanding of the related theories of distributed systems, such as load balancing, distributed transactions, CAP/BASE, etc
(Bonus) Experience with hardware or embedded device security such as what you would find in a kiosk or a point-of-sale system
And Of Course, Perks!
Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.
Cyber Security Specialist
Information Security Analyst Job 24 miles from Rolling Meadows
🚀 We're Hiring a Cyber Security Specialist! 🛡️
Are you ready to make an impact in the ever-evolving world of cybersecurity? We're on the lookout for a dynamic and experienced Cyber Security Professional with 5-7 years of IT expertise, including 3-5 years in a cybersecurity-focused role and 2-3 years in system/network administration or helpdesk experience (if you've transitioned into cybersecurity).
📍 What You'll Bring to the Table:
Cybersecurity Experience:
SIEM Management
Endpoint Protection for mobile and desktop
Vulnerability Management
Phishing and Cybersecurity Awareness Training
Cloud Security Posture Management (AWS, Azure, or GCP)
Network Savvy:
LAN, WAN, VPN, DNS, WAF, HTTP, SSL/TLS, and more
Windows/Linux Server & Desktop Administration
Penetration Testing: Collaborate with vendors to manage pen tests.
Project Leadership: Plan, communicate, and execute IT/Cybersecurity projects.
Exceptional Communication Skills: Confidently engage with end-users and executive staff, whether one-on-one or in large group settings.
🔑 What Sets You Apart:
Your ability to bridge technical expertise with practical solutions, plus a knack for connecting with diverse teams to elevate security practices across the organization.
🌐 Why Join Us?
Here, you'll play a pivotal role in safeguarding our systems while working with cutting-edge technologies in an environment that values innovation, teamwork, and professional growth.
🎯 Maximize Your Potential in a Role That Truly Matters!
If you're passionate about cybersecurity and ready to lead with excellence, we'd love to hear from you.
Apply now to take the next step in your career!
Cyber Security Engineer
Information Security Analyst Job 7 miles from Rolling Meadows
Cybersecurity Systems Engineer
We are seeking a highly skilled and experienced Cybersecurity Systems Engineer to join our team. This role involves developing and implementing advanced cybersecurity solutions for critical infrastructure, ensuring compliance with defense industry standards, and enhancing security posture across hardware and software systems. The ideal candidate will have in-depth knowledge of DoD cybersecurity policies, Risk Management Framework (RMF), and a strong technical background in network security, vulnerability management, and incident response.
Key Responsibilities:
Maintain a deep understanding of DoD cybersecurity policies and Risk Management Framework (RMF), ensuring all security requirements are met.
Independently conduct research to recommend and implement security mechanisms across hardware and software systems.
Collaborate with internal teams, including software developers and systems engineers, to integrate security requirements into products efficiently.
Provide actionable guidance, including prototyped solutions, to improve security posture across all technology platforms.
Develop and contribute to cybersecurity documentation to support deliverables, ensuring compliance with regulatory and industry standards.
Lead vulnerability assessments and incident response efforts, managing remediation processes to protect critical assets.
Work closely with external partners and vendors to ensure security requirements and best practices are being followed.
Basic Qualifications:
Bachelor's Degree or Master's Degree in a STEM related field.
5+ years of experience in cybersecurity and systems engineering.
Strong knowledge and experience with DoD 8570 IASAE Level II certification.
Experience with Linux systems administration and networking protocols.
Proficiency in working with network security tools such as routers, firewalls, VPNs, managed switches, and wireless access points.
In-depth knowledge of modern encryption techniques and PKI (Public Key Infrastructure), including certificate management.
Excellent written and verbal communication skills.
Ability to obtain and maintain a DoD security clearance.
Preferred Qualifications:
Active Secret DoD security clearance.
Experience with NSA's CSfC (Commercial Solutions for Classified) program.
Familiarity with NIAP protection profiles for cybersecurity components.
Experience using Mobile Device Management (MDM) tools, particularly for Android devices.
Familiarity with Samsung Knox, Data at Rest (DAR) techniques, and secure boot system implementations.
Experience with hardware root of trust implementations.
Benefits:
Competitive compensation and overtime pay.
Comprehensive healthcare package including vision, dental, and HSA.
Generous 401k retirement plan.
Flexible scheduling and paid time off.
Tuition reimbursement for continued learning and development.
About Us:
We are a leader in the defense industry, specializing in the development of advanced cybersecurity systems and critical infrastructure protection. Our team works closely with military and defense partners to deliver cutting-edge solutions designed to ensure the security and effectiveness of defense technologies. We offer a collaborative, flexible work environment, providing opportunities for innovation, growth, and hands-on problem-solving.
We are an equal opportunity employer and encourage individuals from all backgrounds to apply.
Security Cloud Engineer
Information Security Analyst Job 9 miles from Rolling Meadows
Our Client is looking for a Security Cloud Engineer with a strong background in both cloud security and Terraform development to join their dedicated security team. The individual will be responsible for implementing robust security measures within cloud environments, ensuring compliance with industry standards, and automating security controls using Infrastructure as Code (IaC) practices. You will play a pivotal role in safeguarding our cloud infrastructure and services while enabling the agility and scalability of our cloud operations.
Key Responsibilities
- Design and implement security architectures, controls, and policies across cloud environments utilizing Terraform.
- Collaborate with development and operations teams to integrate security best practices into the CI/CD pipeline and cloud infrastructure deployment processes.
- Automate the provisioning of secure cloud resources through Infrastructure as Code, ensuring all security configurations are codified and versioned.
- Conduct regular security assessments and audits of cloud systems to identify vulnerabilities and compliance gaps.
- Monitor cloud environments for security incidents and respond to alerts by investigating and remediating security issues.
- Develop and maintain documentation related to cloud security configurations, procedures, and incident response plans.
- Stay up to date with the latest security threats, vulnerabilities, and best practices in cloud security and recommend improvements to security posture.
- Provide guidance and training to engineering and development teams on cloud security principles and practices.
- Collaborate with compliance teams to ensure adherence to regulatory standards and frameworks applicable to cloud infrastructures (e.g., GDPR, PCI-DSS, HIPAA).
Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent practical experience).
- Proven experience as a Security Engineer, Cloud Engineer, or similar role with a focus on cloud technologies.
- Expert-level proficiency in Terraform for managing secure cloud infrastructure.
- Basic familiarity with scripting languages (e.g., Python, Bash) to automate security tasks.
- Strong understanding of cloud security principles and best practices, including identity and access management, data protection, and network security in a cloud environment.
- Familiarity with cloud service providers Azure and OCI and their security services and features.
- Experience with cloud security tools (e.g., CSPM, CASB, SASE).
- Experience with security tools and frameworks (e.g., CIS Benchmarks, Azure Security Center).
- Excellent problem-solving skills and attention to detail, with a proactive approach to security challenges.
- Strong communication skills and the ability to effectively collaborate with cross-functional teams.
Preferred Skills
- Relevant certifications in cloud security (e.g., Certified Cloud Security Professional (CCSP)).
Senior Security Engineer
Information Security Analyst Job 24 miles from Rolling Meadows
*****NO C2C OR THIRD PARTY INQUIRIES*****
Top skills/tools, etc. that are MUST haves:
Panorama/NGFW Expert
Strong Network Skills
Checkpoint Migration Experience
Nice to haves:
XSOAR Experience
Zero Trust Experience (AppID, UserID, DeviceID, ContentID)
Azure / AWS Experience
VM Series
Job Description
You will provide guidance and technical support to clients deploying security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Your thorough understanding of our product integrations contributes to the development of new principles and concepts - providing detailed analysis around what's working, what's not, and what could be better.
You enjoy implementation work, are proactive about resolving potential concerns, and operate well around strict best practices that enable our clients on their road to a more secure digital world. You're creative, innovative, and you love a challenge - learning how integrations might work better around new products and technologies.
Responsibilities
Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate
Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution
Configure, implement, and maintain Security Operating Platform
Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall
Test and validate the migration environment
Coordinate and execute cutover to production
Provide guidance on code upgrades
Facilitate the development of new application and threat signatures
Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases
Some travel may be required, dependent on customer request
You work with the customer's security & network teams to build confidence across the business units impacted by the change
Experience
High level of experience with Panorama and log collectors
NGFW
Global Protect
BS in Computer Science, MIS, business, or equivalent education/training/experience
Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching)
Minimum of 3 years' experience leading security solutions in large environments
Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products
You're experienced in internetworking, LAN, and WAN technologies
You have a good understanding of Internet protocols and applications
Any of the following industry certifications or equivalent experience is a plus: CISSP, CCNA, PCNSE, JNCIE-SEC
You effectively handle multiple projects and work calmly under high pressure
You're an excellent writer, with strong verbal communication skills, with demonstrable ability to communicate to senior leaders and technical peers
Hybrid Sr Cyber Security Engineer (Red Team) - NO C2C
Information Security Analyst Job 24 miles from Rolling Meadows
Hybrid Senior Cyber Security Engineer (Red Team) - No C2C and No Sponsorship
One of the world's most prominent derivatives marketplaces is seeking highly motivated individuals to help foster their corporate culture and uphold their core values with integrity. In this role, you will be working with the most advanced trading technology and industry-leading clearing and risk management capabilities. Come join their world-class team!
This contract role as a Hybrid Senior Cyber Security Engineer (Red Team) in Chicago, IL is responsible for leading red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework.
Responsibilities:
· Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework.
· Participate in purple team exercises that are intelligence driven to test cyber detections
· Build and maintain Red and Purple team infrastructure, automating functions where possible.
· Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members.
· Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools.
· Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables.
· Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset.
· Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
· Active contributor to Red and Purple Team activities for internal presentations and conferences.
Requirements:
· Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge.
· Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing.
· Expert understanding of Red Team concepts, tools, and automation strategies.
· Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures.
· Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability.
· Expert understanding of Windows and Linux system hardening concepts and techniques.
· Expert understanding of modifying payloads to bypass detections like EDR.
· Expert understanding of how to compromise a company without using phishing.
· Strong understanding of at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
· Experience with at least one cloud environment (AWS, GCP, Azure).
· Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective.
Nice to have:
· Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings.
· Experience of using multi operating system command and control tools.
· Experience developing custom attack tradecraft or modifying existing tools.
· Experience using automated configuration management such as Chef.
· Experience discovering and exploiting vulnerabilities in AI systems.
· Experience of conducting Offensive Security and/or Red Team exercises against macOS, iOS, or ChromeOS.
· Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc.
· Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.).
· Knowledgeable in Agile project management.
Benefits:
Solving IT, a Woman and LGBTQ+ owned and operated organization, is thrilled to provide a comprehensive benefit package to all our W2 employees and their families, regardless of gender. We are proud to offer five diverse health plan options as well as a PPO dental plan through Blue Cross Blue Shield, Term Life/AD&D Insurance, and a 401(k) Savings Plan. Solving IT covers a portion of the health and dental premiums for our employees.
As you progress in your professional journey, Solving IT is dedicated to accommodating your evolving preferences and matching you with fulfilling projects. We champion equality and embrace diversity in all its forms. Creating an atmosphere that encourages varied perspectives to collaborate fosters personal development, strengthens team unity, and contributes to the overall success of the organization!
Whether you're seeking your next career challenge or aiming to stay abreast of industry trends, Solving IT is committed to supporting your career advancement. We actively encourage applications from all backgrounds and utilize the most up-to-date market insights and compensation data to ensure that you receive not just advice, but the complete Solving IT Experience.
Security Architect
Information Security Analyst Job 24 miles from Rolling Meadows
Role: CIAM/Security Architect
Job type: Fulltime
Roles and responsibilities:
Develop and implement CIAM strategies and solutions that align with business objectives and security requirements.
Design and document CIAM architectures, including user authentication, authorization, and identity lifecycle management.
Conduct risk assessments and develop mitigation strategies to ensure the security and privacy of customer data.
Collaborate with cross-functional teams, stakeholders, and subject matter experts to understand their CIAM needs and translate them into technical requirements.
Evaluate and select CIAM technologies and vendors based on business requirements and industry best practices.
Define and enforce CIAM policies, procedures, and standards to ensure compliance with regulatory requirements.
Develop analysis & process documents, requirements and roadmaps for various projects and programs across GB's business units, applications, and products.
Advocate and drive adoption of Business Architecture best practices to ensure standardization
Stay up to date with industry trends & advancements in CIAM and security technologies.
Required:
10+ years of related experience as a Business Architect or similar role, with a focus on CIAM framework (such as OAuth, OpenID Connect & SAML)
Strong knowledge of security principles, including authentication and encryption.
Experience with CIAM technologies, such as Okta or Ping Identity.
Familiarity with regulatory requirements, such as GDPR and CCPA, and their impact on CIAM
Proficiency in translating business requirements into technical solutions and collaborating with IT teams for implementation.
Excellent analytical, problem-solving, and communication skills.
Ability to collaborate effectively with cross-functional teams, stakeholders, and subject matter experts.
Strong attention to detail and a passion for operational excellence.
Experience working in both Agile/Scrum & Waterfall development processes
Must be self-directed and able to perform project duties with minimal direction and supervision
Thanks & Regards,
Sweety Singh
Tata Consultancy Services
IT SAP Production Planning Solutions Analyst
Information Security Analyst Job 24 miles from Rolling Meadows
Role description:
We are seeking a highly skilled and experienced IT Production Planning Solutions Analyst with global IT experience and a strong background in SAP PP/PPDS modules and satellite planning solutions (such as SAP IBP or Blue Yonder) to join our team and provide E2E expert support for integrated business planning and production execution. The ideal candidate will have a deep understanding of SAP PP/PPDS, a strong track record of delivering successful projects, and a passion for driving operational excellence in a global context.
Responsibilities:
Operational Support: Provide timely and effective support for production-related issues, troubleshooting problems, and resolving incidents
Project Involvement: Contribute to planning and production execution related projects as needed, including implementation, upgrades, and enhancements
Planning Solutions: Leverage expertise in planning tools to support planning projects and optimize processes
Global Coordination: Work with global teams to ensure consistent processes and data management across different regions
Business Requirements Analysis: Translate business requirements into functional specifications for IT Application solutions
Best Practices: Identify and implement IT best practices to optimize planning and production execution
Continuous Improvement: Drive continuous improvement initiatives to enhance efficiency and effectiveness
Knowledge Sharing: Share expertise and knowledge with team members to foster a culture of learning and development
Project Management: Capable of efficiently managing concurrent projects, project teams and prioritizing tasks to achieve project goals within specified timelines
Minimum skills / qualifications:
Bachelor's degree in IT or a related field
Seven (7) years of hands-on experience with SAP PP/PPDS
Five (5) years of hands-on experience with IBP applications (SAP IBP, Blue Yonder or comparable solutions)
In-depth knowledge of SAP PP/PPDS modules (e.g., production planning, scheduling, MRP, material master, BOMs, Routing).
In-depth knowledge of Integrated Business Planning applications preferable SAP IBP and Blue Yonder
Good understanding of SAP ECC modules and integration with other planning modules
Familiarity with IT infrastructure and cloud technologies.
Configure SAP PP/PPDS modules to meet specific business needs, including master data setup, planning strategies, and scheduling parameters.
Work with developers to deliver custom solutions and enhancements.
Ensure the quality of SAP ECC and Integrated Business Planning solutions through rigorous testing and validation.
Preferred skills / qualifications:
Deep understanding of application development and lifecycle management.
Ability to analyze project, program, and portfolio needs.
Teamwork, Oral & written Communications, Logical Analysis, Business skills and methods, Business and Strategic Processes
Knowledge of problem analysis, structured analysis, and design techniques.
Experience in a global operations environment.
Strong analytical and conceptual skills; ability to create original concepts/theories for a variety of stakeholders
Ability to facilitate business meetings and influence best practices
About Ardagh Group
Ardagh Glass Packaging is a global leader in glass packaging solutions, producing packaging for the world's leading brands. We trace our roots all the way back to the Irish Glass Bottle Company, founded in 1932. Since then, we have grown rapidly to a team of more than 20,000 people with revenues of over $9 billion.
Today we have a presence across Europe, Africa, and North America.
Did you know that Ardagh produce many of the beverage cans and bottles you drink your favorite beverages from?
Did you know we produce metal and glass packaging which are permanent materials, meaning they can be infinitely recycled without any loss of quality?
Did you know we produce more than 160 million containers per day?
Ardagh is passionate about sustainability and have a reputation for innovation. We push the boundaries of what's possible, pioneering new production methods, new design techniques and new ways to recycle and save energy. Our aim is to reduce any negative environmental impact while remaining economically sustainable and socially responsible. We believe that the success of our business depends on the success of our people. We strive to create working environments where our employees feel valued, can work to their full potential, and where their achievements are celebrated. Here at Ardagh, we offer exciting and rewarding opportunities for talented and creative people. If you have ambition and want to make an impact with your career, come and join our team, you'll enjoy the journey!
Benefits Offered
Medical, prescription, dental and vision plans
Health Savings Account (HSA) and Flexible Spending Accounts (FSA)
Life insurance
401(k) retirement plan with company match and an employer retirement contribution
Paid holidays, floating days and vacation
Short- and Long-Term Disability (STD/LTD)
Employee Assistance Program (EAP)
Tuition reimbursement program
Professional and personal development opportunities through Employee Resource Groups
Benefits available from day 1 of employment
Flexible and hybrid working hours
Ardagh Group is an Equal Employment Opportunity (EEO) Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other basis prohibited by federal, state, and local law.
Ardagh Group complies with federal, state, and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. Contact Clare McHugh (****************************) if a reasonable accommodation is needed.
Entra ID Architect - Cyber Security
Information Security Analyst Job 24 miles from Rolling Meadows
What Working at Hexaware offers:
Hexaware is a dynamic and innovative IT organization committed to delivering cutting-edge solutions to our clients worldwide. We pride ourselves on fostering a collaborative and inclusive work environment where every team member is valued and empowered to succeed.
Hexaware provides access to a vast array of tools that enhance, revolutionize, and advance professional profile. We complete the circle with excellent growth opportunities, chances to collaborate with highly visible customers, chances to work alongside bright brains, and the perfect work-life balance.
With an ever-expanding portfolio of capabilities, we delve deep into and identify the source of our motivation. Although technology is at the core of our solutions, it is still the people and their passion that fuel Hexaware's commitment towards creating smiles.
“At Hexaware we encourage to challenge oneself to achieve full potential and propel growth. We trust and empower to disrupt the status quo and innovate for a better future. We encourage an open and inspiring culture that fosters learning and brings talented, passionate, and caring people together.”
We are always interested in, and want to support, the professional and personal you. We offer a wide array of programs to help expand skills and supercharge careers. We help discover passion, the driving force that makes one smile and innovate, create, and make a difference every day.
The Hexaware Advantage: Your Workplace Benefits
Excellent Health benefits with low-cost employee premium.
Wide range of voluntary benefits such as Legal, Identity theft and Critical Care Coverage
Unlimited training and upskilling opportunities through Udemy and Hexavarsity.
Job Role - Entra ID Architect - Cyber Security
Location- Chicago, IL (Day1 Onsite- Hybrid, No remote)
Job Type - Fulltime permanent
Mandatory - Entra ID, Azure Active Directory, OKTA Active Directory synchronization
Job Description:
1) Minimum 8+ years of relevant experience in IT Security/Active directory environment
2) Minimum 4+ years of experience as an Entra ID developer.
3) Advanced knowledge of Active Directory, Azure Active Directory/Entra ID, Lightweight Directory Access Protocol, Active Directory Federation Services, and other centralized identity stores
4) Knowledge of Azure Active Directory/Entra ID capabilities such as Conditional Access Policies, Privileged Identity Manager, and Application Registrations
5) Knowledge of implementing security on Active Directory and Entra ID and hardening those platforms
6) Experience in performing Disaster Recovery exercises
7) Experience with PowerShell scripting and automation, including utilizing APIs such as Microsoft Graph
8) Understanding of effective dimensional modeling techniques as they relate to the performance of Cognos
9) Understanding of Single-Sign-On and authentication protocols such as SAML & OIDC
10) Familiarity with directory synchronization tools, especially Entra ID Connect
11) Lead Active Directory and Entra ID disaster recovery exercises and ensure operational stability of backup solutions
12) Knowledge of Entra ID capabilities such as Conditional Access Policies, Privileged Identity Manager, and Application Registrations
13) Strong communication and collaboration skills to work effectively with cross-functional teams.
14) Ability to work independently as well as on a team.
Information Security Specialist
Information Security Analyst Job 24 miles from Rolling Meadows
Chicago, IL
Business Technology Group - Business Technology Group / Full-Time / Hybrid
Harrison Street is a leading investment management firm exclusively focused on alternative real assets. Headquartered in Chicago and London with offices throughout North America, Europe and Asia, the Firm has more than 280-employees and nearly $56 billion in assets under management. Clients of the Firm include a global institutional investor base domiciled in North America, Europe, Asia-Pacific, Middle East and Latin America.
Under direction of the Director, Head of Information Security, Global CISO, the candidate will support and assist on Harrison Street's (HS's) multi-faceted cybersecurity program. The candidate works with internal and external business partners, technology staff, and third-party vendors to drive the cybersecurity strategy, manage tactical cybersecurity initiatives, and complete day to day cybersecurity related tasks. Further, the candidate will assist in external communications and maintain reporting requirements with the security program to maintain a best-in-class program in a regulated environment. Attention to detail, ownership, accountability, and critical thinking skills are required.
**Responsibilities**
+ 50% **HS 3rd Party / External Cybersecurity Program Management**
+ Manage 3rd party vendor cybersecurity assessments, risk tracking, and other activities.
+ Leads cybersecurity conversations with vendors to provide ongoing monitoring and control enforcement of required controls.
+ Lead execution of cybersecurity audits on HS Operating Partners and other 3rd party partners and managers.
+ With input from the CISO, as needed, oversees and improves the cybersecurity maturity models, risk ratings, and internal/external facing audit output templates.
+ Works to understand the evolving cybersecurity risk at the asset, JV, and manager levels and continually enhances the program to mitigate.
+ Builds a working relationship with third party partners to provide advisory input, cybersecurity posture and potential enhancements.
+ Works with internal stakeholders to prioritize audits and conducts follow up debrief calls with operating partners.
+ Provides input into third party audit requests and generates evidence as needed.
+ 25% **Documentation, Configuration, Technical Writing, and Communication**
+ Provide input to and assist with the updates of policies, procedures, and other program related documentation.
+ Assist with the configuration & oversight of cybersecurity tools & platforms.
+ With support from the CISO as needed, produce executive level documentation, audit reports, analysis, technical writings, and communication.
+ Effectively communicate with executives, business level stakeholders, employees, operating partners, and vendors.
+ Communicate details around complex topics
+ Set and manage realistic and appropriate expectations
+ 20% **HS Cybersecurity Program Management Support**
+ Assist in maintaining a program aligned to the NIST cybersecurity framework, SEC and other regulatory guidance, and industry best practices.
+ Assist with the evaluation, mitigation, and reporting of information security risks within Harrison Street.
+ Provide input into firmwide risk meetings; participates in quarterly security strategy and risk management meetings, as appropriate.
+ Assist with the improvement of Harrison Street's existing cybersecurity toolset by planning and executing on toolset enhancements, as appropriate.
+ Assists with monitoring threats, responding to incidents, and taking preventative measures.
+ Assists with audits, e.g., SOX, data privacy and regulatory compliance, and other initiatives. Leverages IT tools to support audit artifact requests.
+ 5% **Miscellaneous**
+ Attend meetings and serve on committees, as requested.
+ Maintain and increase knowledge and skills through attendance at meetings, conferences, training seminars and in-service training sessions.
**Qualifications:**
+ 3+ years of experience in a regulated mid-market technology environment.
+ Bachelor's Degree in a technical discipline such as Information Security, Computer Science, Information Services, or related field.
+ Experience with Program and Project Management.
+ Security certifications such as CISSP, CISA, or CISM preferred.
+ Knowledge of PCI-DSS, HIPAA, HITRUST, and SSAE 18 SOC 1 & 2 preferred.
+ Experience with various hardware, software, and communications products preferred.
+ Knowledge of data communications and network security fundamentals preferred.
+ Knowledge of database fundamentals preferred.
+ Knowledge of platform and system integrations preferred.
+ Knowledge of Enterprise Architecture design preferred.
+ Knowledge of M&A diligence and integrations preferred.
**Required Skills**
+ Must be able to evaluate critical problems and determine solutions.
+ Must have excellent written and verbal communication skills.
+ Must be able to interpret and apply relevant laws, regulations and policies.
+ Must be able to read and understand technical manuals.
+ Must be able to work for extended time at keyboard/terminal.
+ Must be able to maintain professional and effective working relations with supervisors, co-workers.
+ Must be able to work flexible hours, including weekends and evenings.
+ Must be able to learn new skills and technologies.
**Required Travel**
+ Ability to travel up to 10%
Senior Information Security Specialist - Bureau of Technology
Information Security Analyst Job 24 miles from Rolling Meadows
Job Details
Job Summary
Serve as a senior technical expert to assist in the design and administration of Information Technology (IT) security architecture and privacy services across the network. Monitor and utilize information security technologies for the identification of suspicious and malicious activities and inadequate security practices as they relate to IT security architecture. Oversee analysis and monitoring of security violations, alerts and malware detection reports prepared by a third-party vendor. Serve as the senior liaison regarding all security vulnerabilities reported.
Graduation from an accredited college or university with a Bachelor's Degree is required.
Four (4) years as an analyst in Information Technology (IT) Networking or Security or directly related experience is required or
An equivalent combination of education and/or experience is required.
Valid driver's license is required.
This position is considered a safety-sensitive position. Candidates who are selected to fill safety-sensitive positions must pass a required drug test as part of the pre-employment background check process.
Candidates who are contacted will be required to produce original required documents (e.g., current driver's license, diploma, school transcript, certifications, etc.) listed on the Notice of Job Opportunity within five (5) days of being extended an offer, in writing, by the Bureau Chief of BHR (or designee). Candidates will be notified of how to submit required documents.
*Degrees awarded outside of the United States with the exception of those awarded in one of the United States territories and Canada, must be credentialed by the World Education Services (WES), Educational Credential Evaluators (ECE) or a National Association of Credential Evaluation (NACES) member organization.
KNOWLEDGE, SKILLS, ABILITIES AND OTHER CHARACTERISTICS
Knowledge of IT security theory, technologies, policies/best practices, and enterprise architectures and knowledge of network architecture, operations and protocols. Ability to work 24/7 including holidays and weekends.
Knowledge of secure network/systems configuration management as well as an understanding of networking concepts and devices. Knowledge of application development methodologies and regulatory regulations.
Knowledge of active directory environments, virtual and mobile technologies, Information Security functions, and complex enterprise architecture security lockdowns.
Excellent oral and written communication skills including the ability to document requirements, designs, communication plans, project plans, project status reports and other relevant project-related issues.
Ability to independently guide staff in area of specialization to drive business success.
Ability to provide in-depth insight, advice and expertise to other professionals, management, and external contacts in an assigned functional area.
Ability to operate as a senior team member and communicate advanced specialized knowledge to team members, leaders, and external stakeholders.
Knowledge of complex principles and practices for a specialized area of focus.
Physical Requirements:
Sedentary Work involves exerting up to 10 pounds of force occasionally or a negligible amount of force frequently to lift, carry, push, pull, or otherwise move objects. Sedentary work involves sitting most of the time but may involve walking or standing for brief periods of time.
The duties listed are not set forth for purposes of limiting the assignment of work. They are not to be construed as a complete list of the many duties normally to be performed under a job title or those to be performed temporarily outside an employee's normal line of work.
Benefits Package
Medical, Dental, and Vision Coverage
Basic Term Life Insurance
Pension Plan and Deferred Compensation Program
Employee Assistance Program
Paid Holidays, Vacation, and Sick Time
You May Qualify for the Public Service Loan Forgiveness Program (PSLF)
Information Security Analyst III
Information Security Analyst Job 24 miles from Rolling Meadows
The United Center, a premiere sports and entertainment facility and home of the Chicago Blackhawks and the Chicago Bulls, is looking for someone with a passion for IT Security and technology to fill a key role as the Information Security Analyst III.
General Responsibilities:
The responsibility of the Information Security Analyst III role is to support the Information Security roadmap and contribute to the delivery of secure systems, solutions, applications, and regulatory and risk requirements. The right candidate possesses wide expertise in Information Security and will focus on threat intelligence, mitigation, risk/vulnerability management, and incident response.
Specific Duties:
Assume ownership for all escalated IT Security related incidents
Use automation and security first principles daily
Ensure that information security requirements are built into projects, applications, and solutions with cross functional stakeholders
Participate in the evaluation of hardware and software architectures for security risks and develop remediation plans for identified vulnerabilities
Analyze existing operational standards, processes, and/or governance to identify and implement improvements
Develop and update information security policies and procedures as needed
Ensure compliance with audit, regulatory, and legal requirements
Build and maintain effective relationships with peers and partners
Maintains knowledge of security trends, threats, and attack techniques
Complete third-party security assessments
Generate weekly reports on Information Security
Requirements:
Bachelor's degree in Information Security, or equivalent
4+ years of experience in an Information Security Engineer role
Proficiency in various security systems
Proficiency in designing, implementing, and maintaining security solutions
Proficiency with cloud-based solutions and web related technologies
Highly disciplined and able to work independently and without direct supervision
Exceptional written and oral communication skills
Excellent time management and organizational skills
Education:
Bachelor's Degree in Computer Science, or related field
Specific Job Knowledge, Skill, and Ability:
Innovation - Displays original thinking and creativity, meets challenges with resourcefulness, generates suggestions for improving work, develops innovative approaches and ideas, and presents ideas and information in a manner that gets others' attention
Problem Solving - Identifies and resolves problems in a timely manner, gathers and analyzes information skillfully, develops alternative solutions, and works well in group problem solving situations
Project Management - Develops project plans, coordinates information security projects, communicates changes and progress, completes projects on time and within budget
Language Skills - Ability to read, analyze and interpret the most complex documents
Math Skills - Ability to add, subtract, multiply and divide in all units of measure, using whole numbers and percentages, and to draw and interpret bar graphs
Reasoning Ability - Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems. Ability to deal with nonverbal symbolism
Benefits:
Competitive Salary
Benefit package including Medical, Dental, Vision, Life Insurance, etc.
Traditional and Roth 401K options (with company match)
Generous PTO
Fantastic Fringe Benefits
Information Security Analyst
Information Security Analyst Job 17 miles from Rolling Meadows
As a member of the IT Security, Governance and Service Delivery team you will actively work with the Global IT team and other business partners. The position is responsible for participating in or leading the investigations, mitigation and resolution of information security events, alerts and incidents, performing security vulnerability and risk assessments, monitoring and measuring information security compliance, defining security requirements for various IT projects and testing and validation of security controls.
Key Responsibilities
* Proactive monitoring of the IT environment for security incidents, risks, and weakness.
* Respond to security alerts from multiple sources; includes triage, containment, and remediation.
* Performing information security incident response and investigations alongside other members of the Global IT team and other functional departments.
* Perform security vulnerability and risk assessments of information systems.
* Conduct various audits and coordinate information security assessments by third party partners.
* Defining security control requirements as a member of various IT project teams
* Testing and validation of security controls.
* Participate in the development of information security policies and standards.
* Monitor external standards and best practices for Cybersecurity program advancements.
Skills and Experience Requirements
* Degree in Computer Science, IT Security or related field or equivalent work experience
* 3+ years' work experience in the information security field
* One or more of the following Information Security Certifications, or equivalent, preferred:
+ (ISC)2 System Security Certified Practitioner
+ (ISC)2 Certified Information Systems Security Professional
+ (ISC)2 Information Systems Security Architecture Professional
+ GIAC Security Essentials Certification
+ GIAC Security Leadership Certification
+ ISACA Certified Information Security Manager
+ Microsoft Certified Systems Engineer: Security
+ Certified Information Systems Security Professional (CISSP)
+ Certified Information Security Manager (CISM)
* Strong technical knowledge of information systems including networking and telecommunications, Microsoft Windows Domains, application security, database security, etc.
* Knowledge of vulnerability and risk assessment methodologies and experience performing these assessments
* Good knowledge of information security practices, principles and standards (e.g. ISO, NIST)
* Strong organizational skills and multi-tasking capabilities in a fast-paced environment
Other Requirements
* Strong analytical and problem solving abilities
* Ability to effectively prioritize and execute tasks in a high-pressure environment
* Project Management
* Strong communications skills with the ability to present effectively verbally and in writing to small and large audiences
* Ability to work cooperatively in a team environment
Information Security Analyst
Information Security Analyst Job 21 miles from Rolling Meadows
SUMMARY: The Information Security Analyst actively protects the credit union's technology assets and member financial data from external and internal threats. Establishes and maintains processes and controls that protect confidential credit union data and systems. Maintains proper configuration, health, and effectiveness of credit union data security systems and applications.
ESSENTIAL FUNCTIONS:
Assists Data Security Administrator to research, recommend, evaluate and implement Information Security solutions
Working with the Data Security Administrator, oversees the credit union's access controls and information sharing methods
Delivers insight and direction into credit union's antivirus and malware defenses
Recommends strategies to the Data Security Administrator for the credit union's efforts in vulnerability assessment and internal penetration testing
Works with the Data Security Administrator to provide security training directly to staff
Assists the Data Security Administrator with conducting simulated phishing campaigns and area audits
Provides support for the credit union's Information Security and GLBA external audits
Performs remedial actions as a result of threat and vulnerability assessments or audits
Swiftly responds to and remediates security events
Works with the Data Security Administrator to monitor the credit union's security alerts
Documents and maintains data security policies and procedures
Assists the Data Security Administrator to implement and maintain the credit union's Malware Prevention, Data Loss Prevention, and Intrusion Detection and Intrusion Prevention systems
Monitors and analyzes unusual or suspicious activity and makes recommendations for resolution
Prepares and analyzes security incident and event log reporting
Works with, and may be asked to assist the Information Technology area, to support staff technology needs
Assists with Information Security projects, initiatives or workgroups as assigned which may include Event Log management, Identity and Access management, Risk and Control assessment, and Threat and Vulnerability management
Other duties as may be assigned
QUALIFICATIONS:
Education Required: High School Diploma or equivalent (GED)
Education Preferred: Bachelor's degree in Information Security, Information Systems, Computer Science, Risk Management or related field
Experience Required: Two (2) years of experience in an Information Security, Information Technology, or Risk Management position. CEH, CISSP, or CISM Certification may be substituted for experience.
Experience Preferred: Three (3) years of experience in Information Security.
Knowledge, Skills and Abilities (KSAs):
Ability to perform job functions independently
Ability to work as part of a team
Ability to verbally communicate effectively with internal and/or external members
Ability to use computers and job-specific technology/software efficiently
Maintains confidentiality
Performs responsibilities with composure, quality and accuracy under stress of deadlines/requirements
TRAVEL: Up to 10% local travel
Information Security GRC Analyst
Information Security Analyst Job In Rolling Meadows, IL
The Role
We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management.
This is a hybrid position and requires onsite work 1-2 days per week at our Rolling Meadows office.
Responsibilities
Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken.
Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks.
Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs.
Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.).
Assist with ongoing internal operations and tasks, including ITGC security reviews.
Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business.
Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST.
Lead the identification of security training and awareness initiatives for the organization.
Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises.
Maintain KPIs and KRIs for Information Security risk & compliance activities.
Execute tasks as a member of the Information Security team as assigned by management.
Provide mentorship and guidance to Associate Information Security GRC Analysts.
Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness.
Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting.
Qualifications
3+ years of experience with responsibilities relating to security and compliance.
Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted.
Strong written and oral communication skills.
Strong conceptual understanding of Information Security theories.
Knowledge of network, application, and cloud security controls.
Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX.
Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks.
Security certifications, such as CRISC, CISA are preferred, but not required.
We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles.
This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process.
An insatiable intellectual curiosity and the ability to learn quickly in a complex space.
Additional Requirements
Must pass any and all required background checks
Must be and remain compliant with all legal or company regulations for working in the industry
Must possess valid driver's license
Must be a minimum of 21 years of age
Analyst, Information Security (Hybrid)
Information Security Analyst Job 17 miles from Rolling Meadows
Chamberlain Group is a global leader in access solutions with top brands, such as LiftMaster and Chamberlain, found in millions of homes, businesses, and communities worldwide.
As a leader in the Smart Home industry, we boast one of the largest IoT install bases, with innovative products consisting of cameras, locks, card readers, garage door openers, gates and more, all powered by our myQ digital ecosystem.
This role is responsible for the IT security of Chamberlain's sister companies and assisting in the overall cybersecurity domain of Chamberlain's enterprise network. This role will be responsible for security intel, industry best practices, prevention, and incident detection, triage, and response. In addition, this role will participate in the design of security use cases based on business requirements and log availability along with security tool administration and configuration. This role will also work closely with enterprise and connected products IT, development and engineering teams to achieve security objectives and goals.
Participate in the research of new threats, attacks, and risks to CG infrastructure and software; identify, collect and organize credible, new intelligence and subject matter relative to current and emerging threats using all the tools, applications and open-source information available
Initiate and track remediation actions to ensure Chamberlain's business objectives are met
Keep current with security industry best practices that apply to Chamberlain per IT strategy and roadmap to prevent incidents
Participate in security project management initiatives, involving the development and configuration of security tools
Acts as part of the team to triage alerts with SIOC (Security intelligence and Ops Center); participate in the following: detect, analyze, escalate, and remediate security events and incidents to senior staff
Create or update detailed operational processes and procedures related to Security Incident Management
Participate in training IT and engineering staff on information security best practices, processes, tools, and procedures
Communicate and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise
Address questions from internal and external audits and examinations, including providing requested compliance reporting
Learn and utilize various security tools including SIEM, IDS/IPS, Anti-Malware software, Advanced threat protection, Vulnerability management, and MSFT cloud products
Protect CG's reputation by keeping information confidential
Maintain professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, and participating in professional societies
Contribute to the team effort by accomplishing related results and participating on projects as needed
Education/Certifications:
Bachelor degree in Computer Science or related area; demonstrated progression toward security certifications
Experience:
1-4 years of related and progressive IT and Security experience
Knowledge, Skills, and Abilities:
Security tools
Other:
Able to travel up to 10% - domestically and internationally
Preferred Qualifications
Education/Certifications:
Experience:
Experience working in a matrix environment
Experience in continuous improvements and agile methodology
Experience working within an IoT services organization
Knowledge, Skills, and Abilities:
Strong personal interest in Security and Controls.
Knowledge of technical infrastructure, end points, networks, databases and systems in relation to IT Security and IT Risk
Knowledge of NIST 800-53, ISO 27001, 27002, 27005, and other frameworks
Knowledge of Microsoft security toolsets (ATP, Defender, Security Center)
Knowledge of SIEM products (QRadar, Sentinel, Splunk)
Detail oriented with strong organizational skills to meet deadlines, complete tasks and respond to customer and or partner needs
Ability to work independently, follow up on project deliverables, and go above and beyond the task at hand
Excellent analytical, organizational and communication skills
Demonstrated ability to facilitate cross functional teams
Ability to effectively prioritize and execute tasks in a complex environment
Strong Communication, presentation, analytical and problem-solving
Chamberlain Group wants all of its employees to succeed and encourages people of all backgrounds to apply. We're proud to be an Equal Opportunity Employer, and you'll be considered for this role regardless of race, color, religion, sex, national origin, age, sexual orientation, ancestry; marital, disabled or veteran status. We're committed to fostering an environment where people of all lived experiences feel welcome.
Persons with disabilities who anticipate needing accommodations for any part of the application process may contact, in confidence **************************.
NOTE: Staffing agencies, headhunters, recruiters, and/or placement agencies, please do not contact our hiring managers directly.
Information Security SOC Analyst
Information Security Analyst Job 9 miles from Rolling Meadows
Wintrust is a financial holding company with approximately $50 billion assets under management and traded on the NASDAQ:WTFC. Built on the "HAVE IT ALL" model, Wintrust offers sophisticated technology and resources of a large bank while focusing on providing service-based community banking to each and every customer. Wintrust operates fifteen community bank subsidiaries with over 170 banking locations in the greater Chicago and southern Wisconsin market areas. Additionally, Wintrust operates various non-bank business units including commercial and life insurance premium financing, short-term accounts receivable financing, out-sourced administrative services, mortgage origination and purchase, wealth management services and qualified intermediary services for tax-deferred exchanges.
Why join us?
An award-winning culture! We are rated a Top Workplace by the Chicago Tribune (past 10 years) and Employee Recommended award by the Globe & Mail (past 6 years)
Competitive pay and discretionary or incentive bonus eligible
Comprehensive benefit package including medical, dental, vision, life, a 401k plan with a generous company match and tuition reimbursement to name a few
Promote from within culture
Why join this team?
This position has the opportunity to interface with and have a positive impact on multiple areas of Wintrust's business
We hold ourselves accountable to high standards, share wins, operate ethically, and have fun
Position Overview
The ideal candidate will have at least 3-5 years of technical experience in Information Security and/or Information Technology with at least 2 of those years in Security Operations (Incident Response/Handling, DFIR). The SOC Analyst will perform responsibilities as an incident responder for Wintrust's Security Operations Center (SOC), performing technical investigations of security incidents, enhancing incident response procedures, and contributing to overall security strategy.
What You'll Do
Monitor security alerts and notifications using Security Information and Event Management (SIEM) system, Endpoint Detection and Response (EDR) and other security systems.
Manage Report Phishing mailbox and work with users to answer questions and remediate issues as needed
Review and analyze logs and security events from various sources, including network devices, servers, and applications.
Quality Assurance (QA) of work documented by service provider to ensure all steps of process are documented and tickets handled as instructed.
Document security incidents, investigations, and responses in detail.
Maintain accurate records of incidents and actions taken for future reference and reporting.
Collaborate with other IT and security teams to ensure effective incident management and resolution.
Qualifications
Experience in Incident Response, Incident Handling and Security Operations
Perform investigation and escalation for complex or high severity security threats or incidents
Knowledge in the use of SIEM technologies for event investigation
Coordinate evidence/data gathering and documentation and review Security Incident reports
Benefits
Medical Insurance • Dental • Vision • Life insurance • Accidental death and dismemberment • Short-term and long-term Disability Insurance • Parental Leave • Employee Assistance Program (EAP) • Traditional and Roth 401(k) with company match • Flexible Spending Account (FSA) • Employee Stock Purchase Plan at 5% discount • Critical Illness Insurance • Accident Insurance • Transportation and Commuting Benefits • Banking Benefits • Pet Insurance
From our first day in business, Wintrust has been proud to serve a variety of unique communities and people from all walks of life. To be Chicago's Bank and Wisconsin's Bank, we need to reflect that diversity both in all the communities we serve, the people we employ, the organizations we work with, and our banking and lending practices. Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, disability, or status as a covered veteran or any other characteristic protected by law.