Practice Leader or Director-Cyber Security Services-Chicago

A global company, ESD is a leader in Improving Society Through the Built Environment. We create solutions that produce economic, environmental and experiential benefits for our clients, many of whom are the biggest names in the worlds of business, technology — and beyond. We embrace technological change and are at the forefront of developing Intelligent Buildings. We emphasize innovation, adaptability and sustainability when providing mechanical, electrical, plumbing, fire protection, life safety and technology engineering. For more information, please visit www.esdglobal.com.

Position Summary

We are looking for a world-class security expert to serve as Practice Leader or Director for our Chicago Cyber Security Services Group. In this role, you will build our business strategy and lead a team of ethical hackers to conduct application security/penetration tests for our clients' building infrastructure systems (e.g. HVAC and lighting), internal/external web, mobile and web service applications, leveraging both manual techniques and automated tools in order to uncover and report security vulnerabilities. In this role, you are also responsible for understanding and communicating business risks and common security vulnerabilities to clients via presentations and reports.

Essential duties and responsibilities

  • Possess experience conducting vulnerability assessments, code reviews and manual penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, and SANS Top 25)
  • Knowledge of network and web related protocols/technologies related to building systems such as HVAC controls, lighting controls, and building operating systems
  • Able to demonstrate manual web application testing experience
  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro, etc.)
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers and SoapUI)
  • Experience with penetration testing on mobile platforms such as iOS, Android, Windows and RIM
  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
  • Expertise and detailed technical knowledge in at least 3 of these areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
  • Proven ability to learn and apply critical thinking to a variety of situations

Qualifications / Skill-sets

  • Possess one or more of these certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
  • Experience as a developer
  • Mobile programming abilities such as Xcode, Objective-C
  • Knowledge of a Structured Query Language
  • Provide leadership in marketing the Cyber Security Practice's portfolio and support marketing, sales plans, and business development: oversee the marketing of the practice's thought leadership, specifically building capabilities, experiences, and results/impacts, by positioning ESD’s brand of quality and value
  • Responsible to build and grow strategic client relationships and serve as a senior technical point of contact with key clients
  • Responsible to meet or exceed new business revenue and sales targets for: sales growth, increased market share; and to build a diversified client base
  • Help team members identify and close opportunities through customer meetings and presentations to impact sales
  • Develop guiding principles, standards and best practice guidelines for team

Education / Certification / Experience

  • Bachelor of Science Degree in Computer Science from a four-year college or university
  • Master's Degree in Cyber Security and eight years of network/Web/Infrastructure security experience; or equivalent combination of education and experience
  • Systems and physical security experience with familiarity with information security and physical security regulations is a plus

AA / EE / Veterans / Disability

We are an equal-opportunity employer.