Looking for Infosec/AppSec Engineer in Chicago

cyberguypr · August 2015

TE minions,

We are having a hard time filling this position. We either get people who want to break into Infosec or folks wanting the consulting lifestyle which is not what we offer. Currently looking for someone to deal with:
- performing vulnerability assessments
- assisting with mitigation of vulnerabilities
- light pen testing
- risk management
- operational intelligence
- incident response + forensics
- security policy creation/maintenance
- evaluate new controls

Role is a hybrid Infosec Engineer primarily focused on AppSec but needs to be able to cover areas of expertise for other team members. Role is in the Loop, business hours, minimal travel, established company, good benefits.

If interested please ping me for details.

UnixGuy · August 2015

what's 'the consulting lifestyle' ?

Solid position, wish I had this kind of experience.

636-555-3226 · August 2015

I feel your pain. Very (very very) hard time filling cloud & security positions in my area. Either n00bs with no experience (but lots of desire to "make the big bucks in the hottest thing in the world") or people looking to get out of consulting & into a steady, full time job but who still want to work from home 5 days a week and make a consultants salary.

alias454 · August 2015

It always goes back to the question. How do you get experience with no experience? How did you shed your n00bishness?

As far as the InfoSec posting, are you willing to train the right individual? if no, why not? I am not suggesting me, just asking a question. Maybe your job posting isn't clear enough so you keep getting underqualified applicants. It seems to me that those items are things done daily in my current job but I'm not in "InfoSec." I'm working as a Sys Admin and have to concern myself with all tall of it.

Regards

TheFORCE · August 2015

I fill those requirements. But I'm out of state, do you offer remote telecommuniting, or work from home? I've performed all those functions in various roles. I could send you my linked in profile if you are interested in taking a look.

cyberguypr · August 2015

Unfortunately although some remote is possible, 100% remote is not.

We are not willing to train for the sole reason that we run a balanced team. We recently hired a person fresh out of college and another one with limited experience that are being developed into masters of all things Infosec. We have Jr. and Sr. positions and in this particular case we are hiring for the senior one. Our posting is very clear indicating this is an expert level position with at least 4 years dedicated Infosec experience, technology related degree, CISSP, and hands-on experience on several areas.

It is a fact that some people are desperate for anything Infosec related and are spraying resumes like crazy. Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSFR. I could go on an on with examples.

TheFORCE · August 2015

It was worth a try

.

alias454 · August 2015

That makes sense. Those requirements seem pretty specific. Do you use recruiters at all? I am asking for somewhat selfish reasons. I want to break into Infosec as a dedicated career and feel I have a lot of the background necessary to perform well. It just seems like the barrier for entry is really high. I like doing Sys Admin work but I always gravitate towards the security aspects of what I do.

YFZblu · August 2015

I have a love affair with the city of Chicago. Good luck in your search!

UnixGuy · August 2015

That's fair, you need experienced people to lead the team, fix escalated issues and mentor those who want to break into security.

I'm still interested to know, what kind of unreasonable requests the consultants have? work from home everyday?

Robertf969 · August 2015

cyberguypr wrote: »

It is a fact that some people are desperate for anything Infosec related and are spraying resumes like crazy. Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSFR. I could go on an on with examples.

Those people applying is probably why it takes 3-4 weeks to get calls on positions I apply for.

ratbuddy · August 2015

cyberguypr wrote: »

Example: for this role we had a developer apply that had no idea what symmetric vs. asymmetric encryption was, couldn't tell a router from a switch, and couldn't differentiate XSS and CSFR.

Wow, sounds like a crappy dev. I've been one for just over a year, and I know all that and then some :-/

nelson8403 · August 2015

Hows it working in the city? I'm going to be in Chicago next week for SANS, maybe we can talk then, I'm not sure I'm quite ready to move back though.

TheFORCE · August 2015

NetworkNewb wrote: »

Funny video on going after jobs without the experience listed

Question: How Do You Get Enough Experience to Apply for Programming Jobs? | Eli the Computer Guy

I have the experience, the worth a try comment was a response to the lack of work from home opportunity or work remote since I'm in a different state

Looking for Infosec/AppSec Engineer in Chicago

Comments