Director-Cyber Security Services
: Job Details :

This global company is a leader in Improving Society Through the Built Environment. They create solutions that produce economic, environmental and experiential benefits for their clients, many of whom are the biggest names in the worlds of business, technology - and beyond. They embrace technological change and are in the forefront of developing Intelligent Buildings. They emphasize innovation, adaptability and sustainability when providing mechanical, electrical, plumbing, fire protection, life safety and technology engineering. They are looking for a Practice Leader or Director for their Cyber Security Services Group in their Chicago office who wants to join us in Improving Society Through the Built Environment. Collectively, they apply their knowledge, expertise, and critical thinking skills to develop solutions impacting people's health, comfort, productivity, safety, and connectivity. They are able to make a difference for their clients and society-at-large within a framework of regulations, budget and schedule realities, and at the speed of change. This requires their team to collaborate, continuously improve, and innovate to earn trust among their colleagues and clients. If you are a person who enjoys making a difference for your colleagues and clients through excellence - this is an opportunity for you to apply your knowledge, work with some of the world's highest-profile clients, enjoy social and charitable activities, and build your career.Essential duties and responsibilities:They are seeking a world class security expert to build the business strategy and lead a team of ethical hackers to conduct application security/penetration tests of their clients as it relates to their building's infrastructure systems (HVAC, Lighting, and so on), internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to their clients through presentations and reports.Required skills:Experience conducting vulnerability assessments, code reviews and Manual penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (for example, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 and so on).Knowledge of network and Web related protocols/technologies especially as it relates to building systems such as HVAC controls, lighting controls, and building operating systems.Ability to demonstrate manual web application testing experience.Experience with web application vulnerability scanning tools (for example, IBM AppScan, HP Webinspect, Accuntix, NTO Spider, Burpsuite Pro and so on).Experience with vulnerability assessment tools and penetration testing techniques (for example, web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI and so on).Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services.Demonstrated ability to learn and apply critical thinking to a variety of situations.Bonuses + full comprehensive benefits