Staff Security Engineer

3 days ago

Chicago, IL, United States Tech Tammina Full time
MUST HAVE STRONG:

  • 7+ years in Cybersecurity roles, with at least 3 years specializing in Attack Surface Management.
  • 5+ years of hands-on experience with Qualys ASM Platform (mandatory).
  • 5+ years of experience with cloud platforms (AWS, Azure, or GCP) and securing cloud-based assets.
We are seeking an External Attack Surface Management Staff Security Engineer to lead our efforts in identifying, analyzing, and mitigating risks associated with our organization's internet-facing assets. This critical role ensures that external assets, services, and endpoints are continuously monitored, assessed, and protected against emerging threats. The ideal candidate will have a strong background in cybersecurity, deep expertise with Qualys ASM Platform (mandatory), and a proactive approach to managing risks.

Key Responsibilities:

Attack Surface Discovery and Inventory -
  • Leverage Qualys ASM Platform and advanced tools to identify external-facing assets such as cloud resources, domains, subdomains, APIs, and third-party integrations.
  • Maintain an up-to-date inventory of all external assets and ensure continuous monitoring for changes or exposures.
Vulnerability Identification and Remediation -
  • Conduct regular scans and assessments using Qualys ASM to identify vulnerabilities across the attack surface.
  • Collaborate with internal teams to prioritize and remediate vulnerabilities promptly.
  • Automate vulnerability detection and notification processes.
Risk Assessment and Threat Analysis -
  • Analyze risks associated with identified vulnerabilities and provide actionable recommendations to mitigate exposure.
  • Monitor emerging threats targeting external assets and take proactive measures to address them.
Incident Response and Escalation -
  • Act as the Subject Matter Expert (SME) for incidents involving external-facing assets.
  • Provide analysis and recommendations during incident response and forensic investigations.
Tool Management and Automation -
  • Manage and optimize Qualys ASM Platform, including configuration, updates, and integration with other security tools (e.g., SIEM, SOAR).
  • Develop scripts or workflows to automate attack surface discovery and monitoring.
Collaboration and Stakeholder Engagement -
  • Partner with development, DevOps, IT, and third-party vendors to secure external assets throughout their lifecycle.
  • Provide training and awareness on attack surface management best practices.
Policy and Governance -
  • Enforce security policies, standards, and guidelines for external assets.
  • Conduct regular security assessments and audits to mitigate risks and maintain compliance with regulations (e.g., PCI DSS, HIPAA, SOX).
Reporting and Metrics -
  • Develop reports and dashboards highlighting vulnerabilities, risk trends, and remediation progress.
  • Track and communicate KPIs to measure the effectiveness of the attack surface management program.
Preferred Qualifications:
  • Strong understanding of networking, DNS, web applications, APIs, and common vulnerabilities (e.g., OWASP Top 10).
  • Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation.
  • Experience with vulnerability management and penetration testing methodologies.
  • Certifications such as CISSP, GSEC, GPEN, OSCP, or Qualys VMDR/CSAM are highly desirable.
  • Excellent communication, reporting, and problem-solving skills.

  • Staff Product Security Engineer

    3 days ago

    Chicago, IL, United States PayPal Full time

    The Company PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. We operate a global, two-sided network at scale...

  • Cyber Security Engineer

    7 days ago

    Chicago, IL, United States Yeah! Global Full time

    About the job Cyber Security Engineer - Chicago Note: This job does not offer any Visa sponsorship. We are looking for applicants already living in the USA.Overview: Our client is seeking a highly skilled and motivated Cyber Security Engineer to their dynamic team. As a Cyber Security Engineer, you will be responsible for protecting our organization's...

  • Cyber Security Engineer

    17 hours ago

    Chicago, IL, United States Yeah! Global Full time

    About the job Cyber Security Engineer - Chicago Note: This job does not offer any Visa sponsorship. We are looking for applicants already living in the USA.Overview: Our client is seeking a highly skilled and motivated Cyber Security Engineer to their dynamic team. As a Cyber Security Engineer, you will be responsible for protecting our organization's...

  • Cyber Security Engineer

    1 week ago

    Chicago, IL, United States Yeah! Global Full time

    About the job Cyber Security Engineer - Chicago Note: This job does not offer any Visa sponsorship. We are looking for applicants already living in the USA.Overview: Our client is seeking a highly skilled and motivated Cyber Security Engineer to their dynamic team. As a Cyber Security Engineer, you will be responsible for protecting our organization's...

  • Cyber Security Engineer

    3 days ago

    Chicago, IL, United States Yeah! Global Full time

    About the job Cyber Security Engineer - Chicago Note: This job does not offer any Visa sponsorship. We are looking for applicants already living in the USA.Overview: Our client is seeking a highly skilled and motivated Cyber Security Engineer to their dynamic team. As a Cyber Security Engineer, you will be responsible for protecting our organization's...

  • Cyber Security Engineer

    2 weeks ago

    Chicago, IL, United States Yeah! Global Full time

    About the job Cyber Security Engineer - Chicago Note: This job does not offer any Visa sponsorship. We are looking for applicants already living in the USA.Overview: Our client is seeking a highly skilled and motivated Cyber Security Engineer to their dynamic team. As a Cyber Security Engineer, you will be responsible for protecting our organization's...

  • Staff Software Engineer- Salesforce

    1 day ago

    Chicago, IL, United States Okta, Inc. Full time

    Get to know OktaOkta is The World's Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth. At Okta, we celebrate a variety of...

  • Staff Cybersecurity Engineer

    17 hours ago

    Chicago, IL, United States Corient Careers Full time

    Description At Corient, we help high- and ultra-high-net-worth individuals and families to enjoy a full life, while enabling them to preserve their wealth for future generations, and provide for the people, causes and communities they care about. We focus on exceeding expectations, simplifying lives, and establishing legacies that last for generations. We...

  • Staff Cybersecurity Engineer

    3 days ago

    Chicago, IL, United States Corient Careers Full time

    Description At Corient, we help high- and ultra-high-net-worth individuals and families to enjoy a full life, while enabling them to preserve their wealth for future generations, and provide for the people, causes and communities they care about. We focus on exceeding expectations, simplifying lives, and establishing legacies that last for generations. We...

  • Staff Cybersecurity Engineer

    2 weeks ago

    Chicago, IL, United States Corient Careers Full time

    Description At Corient, we help high- and ultra-high-net-worth individuals and families to enjoy a full life, while enabling them to preserve their wealth for future generations, and provide for the people, causes and communities they care about. We focus on exceeding expectations, simplifying lives, and establishing legacies that last for generations. We...