Practice Leader or Director-Cyber Security Services-Chicago

A global company, ESD is a leader in Improving Society Through the Built Environment. We create solutions that produce economic, environmental and experiential benefits for our clients, many of whom are the biggest names in the worlds of business, technology and beyond. We embrace technological change and are at the forefront of developing Intelligent Buildings. We emphasize innovation, adaptability and sustainability when providing mechanical, electrical, plumbing, fire protection, life safety and technology engineering. For more information, please visit www.esdglobal.com.

Position Summary

We are looking for a Practice Leader or Director for our Cyber Security Services Group in our Chicago office who wants to join us in Improving Society Through the Built Environment. Collectively, we apply our knowledge, expertise, and critical thinking skills to develop solutions impacting people’s health, comfort, productivity, safety, and connectivity. 

We are able to make a difference for our clients and society-at-large within a framework of regulations, budget and schedule realities, and at the speed of change. This requires our team to collaborate, continuously improve, and innovate to earn trust among our colleagues and clients. 

If you are a person who enjoys making a difference for your colleagues and clients through excellence – this is an opportunity for you to apply your knowledge, work with some of the world’s highest-profile clients, enjoy social and charitable activities, and build your career.

Essential duties and responsibilities

ESD is seeking a world-class security expert to build the business strategy and lead a team of ethical hackers conducting application security and penetration tests for our clients. Testing covers their building infrastructure systems (HVAC, lighting, etc.) and internal/external web, mobile and web service applications, leveraging both manual techniques and automated tools to uncover and report existing security vulnerabilities.

You will be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to our clients through presentations and reports.

Required Skills:

  • Experience conducting vulnerability assessments, code reviews and manual penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.)
  • Knowledge of network and web-related protocols/technologies, especially as they relate to building systems such as HVAC controls, lighting controls, and building operating systems
  • Ability to demonstrate manual web application testing experience
  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro etc.)
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
  • Experience with penetration testing on mobile platforms such as iOS, Android, Windows and RIM
  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
  • Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
  • Demonstrated ability to learn and apply critical thinking to a variety of situations

Qualifications / Skill-sets

  • One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
  • Experience as a developer
  • Mobile programming abilities such as Xcode, Objective-C
  • Knowledge of a Structured Query Language
  • Provides leadership in marketing the Cyber Security Practice's portfolio and supports marketing, sales plans, and business development:
  • Oversees the marketing of the practice's thought leadership, specifically building capabilities, experiences, and results/impacts, by positioning ESD’s brand of quality and value
  • Responsible for building and growing strategic client relationships and serving as a senior technical point of contact with key clients
  • Responsible for meeting or exceeding the new business revenue and sales targets for: growth in sales; increased market share; and building a diversified client base
  • Assist team members with sales in identifying and closing opportunities through customer meetings and presentations
  • Develops guiding principles, standards and best practices for team members

Education / Certification / Experience

  • Bachelor of Science degree in Computer Science from a four-year college or university
  • Master’s degree in Cyber Security and eight years’ network/web/infrastructure security experience; or equivalent combination of education and experience
  • Systems and physical security experience with familiarity of information security and physical security regulations is a plus

AA / EE / Veterans / Disability

We are an equal-opportunity employer.