Looking for Infosec/AppSec Engineer in Chicago

cyberguypr Mod Posts: 6,928
TE minions,

We are having a hard time filling this position. We either get people who want to break into Infosec or folks wanting the consulting lifestyle, which is not what we offer. Currently looking for someone to deal with:
- performing vulnerability assessments
- assisting with mitigation of vulnerabilities
- light pen testing
- risk management
- operational intelligence
- incident response + forensics
- security policy creation/maintenance
- evaluating new controls

Role is a hybrid Infosec Engineer primarily focused on AppSec but needs to be able to cover areas of expertise for other team members. Role is in the Loop, business hours, minimal travel, established company, good benefits.

If interested please ping me for details.

Comments

  • UnixGuy Mod Posts: 4,570
    What's 'the consulting lifestyle'?

    Solid position, wish I had this kind of experience.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • 636-555-3226 Member Posts: 975
    I feel your pain. Very (very very) hard time filling cloud & security positions in my area. Either n00bs with no experience (but lots of desire to "make the big bucks in the hottest thing in the world") or people looking to get out of consulting & into a steady, full-time job but who still want to work from home 5 days a week and make a consultant's salary.
  • alias454 Member Posts: 648
    It always goes back to the question. How do you get experience with no experience? How did you shed your n00bishness?

    As far as the InfoSec posting, are you willing to train the right individual? If no, why not? I am not suggesting me, just asking a question. Maybe your job posting isn't clear enough so you keep getting underqualified applicants. It seems to me that those items are things done daily in my current job but I'm not in "InfoSec." I'm working as a Sys Admin and have to concern myself with all of it.

    Regards
    “I do not seek answers, but rather to understand the question.”
  • TheFORCE Member Posts: 2,297
    I fill those requirements. But I'm out of state, do you offer remote telecommuting, or work from home? I've performed all those functions in various roles. I could send you my LinkedIn profile if you are interested in taking a look.
  • cyberguypr Mod Posts: 6,928
    Unfortunately although some remote is possible, 100% remote is not.

    We are not willing to train for the sole reason that we run a balanced team. We recently hired a person fresh out of college and another one with limited experience that are being developed into masters of all things Infosec. We have Jr. and Sr. positions and in this particular case we are hiring for the senior one. Our posting is very clear indicating this is an expert level position with at least 4 years dedicated Infosec experience, technology related degree, CISSP, and hands-on experience on several areas.

    It is a fact that some people are desperate for anything Infosec related and are spraying resumes like crazy. Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSRF. I could go on and on with examples.
  • TheFORCE Member Posts: 2,297
    It was worth a try :).
  • alias454 Member Posts: 648
    That makes sense. Those requirements seem pretty specific. Do you use recruiters at all? I am asking for somewhat selfish reasons. I want to break into Infosec as a dedicated career and feel I have a lot of the background necessary to perform well. It just seems like the barrier for entry is really high. I like doing Sys Admin work but I always gravitate towards the security aspects of what I do.
  • YFZblu Member Posts: 1,462
    I have a love affair with the city of Chicago. Good luck in your search!
  • UnixGuy Mod Posts: 4,570
    That's fair, you need experienced people to lead the team, fix escalated issues and mentor those who want to break into security.

    I'm still interested to know, what kind of unreasonable requests do the consultants have? Work from home every day?

  • Robertf969 Member Posts: 190
    cyberguypr wrote: »

    It is a fact that some people are desperate for anything Infosec related and are spraying resumes like crazy. Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSRF. I could go on and on with examples.

    Those people applying is probably why it takes 3-4 weeks to get calls on positions I apply for.
  • ratbuddy Member Posts: 665
    cyberguypr wrote: »
    Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSRF.

    Wow, sounds like a crappy dev. I've been one for just over a year, and I know all that and then some :-/
  • nelson8403 Member Posts: 220
    How's it working in the city? I'm going to be in Chicago next week for SANS, maybe we can talk then, I'm not sure I'm quite ready to move back though.
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • TheFORCE Member Posts: 2,297

    I have the experience, the "worth a try" comment was a response to the lack of work from home opportunity or work remote since I'm in a different state :)