Heidrick & Struggles
Cybersecurity Specialist
Heidrick & Struggles, Chicago, Illinois, United States, 60290
Heidrick & Struggles (Nasdaq: HSII) is a premier provider of global leadership advisory and on-demand talent solutions, serving the senior-level talent and consulting needs of the world's top organizations. In our role as trusted leadership advisors, we partner with our clients to develop future-ready leaders and organizations, bringing together our services and offerings in executive search, diversity and inclusion, leadership assessment and development, organization and team acceleration, culture shaping and on-demand, independent talent solutions. Heidrick & Struggles pioneered the profession of executive search more than 70 years ago. Today, the firm provides integrated talent and human capital solutions to help our clients change the world, one leadership team at a time.®
Additional information on the firm can be found at www.heidrick.com.
Job Description:
Who We Are:
Heidrick & Struggles (Nasdaq: HSII) is a premier provider of global leadership advisory and on-demand talent solutions, serving the senior-level talent and consulting needs of the world's top organizations. In our role as trusted leadership advisors, we partner with our clients to develop future-ready leaders and organizations, bringing together our services and offerings in executive search, diversity and inclusion, leadership assessment and development, organization and team acceleration, culture shaping and on-demand, independent talent solutions. Heidrick & Struggles pioneered the profession of executive search more than 70 years ago. Today, the firm provides integrated talent and human capital solutions to help our clients change the world, one leadership team at a time.®
Additional information on the firm can be found at www.heidrick.com.
The Role:
The Cybersecurity Specialist is responsible for validating that technology services are designed and implemented with high security standards. The role manages and enhances the security of information systems in tandem with their underlying services, addresses legacy and emerging security issues, and implements repeatable operational countermeasures to mitigate risk of exploitation. Additionally, the Cybersecurity Specialist will assess the technical environment for weaknesses and find resolutions before they can be abused, while also participating as a technical subject matter expert in Cybersecurity Incident Response. Considered a highly knowledgeable individual, the Cybersecurity Specialist is expected to showcase to both internal and external clients, auditors, and Heidrick & Struggles management that security best practices are being adhered to. They are expected to provide reasonable assurance and recommend controls to ensure compliance with these standards.
Responsibilities:
Adopt, implement, and enhance security standards for technology services across our environment.Enforce rigorous security controls with internal and external constituents and follow through for verification and consistency.Work in tandem with architects, the security operations center (SOC), incident responders, technology infrastructure and software development team members.Provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by integrated security assessments.Participate in IT projects and change management committees. This includes interacting with business units, technical and non-technical teams to define how projects can be more secure from the beginning.Perform or assist with vulnerability assessments, penetration testing, client due diligence, vendor & product assessments, internal & external audits.Stay up to date with, and utilize security standards, implementation and configuration best practices, security frameworks, publications, and advisories.Participate in trainings and perform other duties assigned.Required Qualifications:
Highly technical and analytical with a proven, deep background in log analytics, detection engineering & incident response.At least 5+ years' experience working in an Information Security domain.Proven experience with network security technologies and protocolsExperience with SOAR, CASB, IAM, SIEM, DLP, WAF/RASP, SAST/SCA/DAST, EPP/EDR, Firewalls, UEM/MDM and other technology tools leveraged by security teams.Solid understanding of Application Security, DevSecOps and Cloud security for all cloud service modelsExperience working with and securing API technologies.Ability to effectively deliver results on several concurrent projectsSolid understanding of best practices emerging from OWASP, NIST and SANS, among others.Effective written and verbal communication skills, with the ability to represent technical details to a non-technical audience.Customer-Centric mindset with Strong Business AcumenPersonal Characteristics: Strong communicator, team player, attentive to detail, flexible, creative, out-of-the-box thinker, responsible, reliable, trustworthy, solutions-oriented mindset.Top of Form
Preferred Qualifications:
Bachelor's degree in Computer Science, Cybersecurity or similar field Master's degree or equivalent preferredExperience with offensive security (penetration testing or red teaming) highly preferredCertifications: GCIH/GWAPT/GPEN, CISSP/CCSP/ CSSLP, OSCP/OSWE/PNPT (or similar)Proficient in at least one programming or scripting language (Python, Bash, PowerShell, JS, Ruby, etc)Experience with XML, JSON, JQ, JWT, OAuth, SAML & OIDC
Top of Form
Heidrick & Struggles is an equal opportunity employer committed to hiring qualified protected veterans and individuals with disabilities. All qualified applicants will be considered for employment without regard to race, color, religion, creed, age, sex, national origin, gender identity or expression, sexual orientation, disability, marital status, veteran or military status, or citizenship status.
Heidrick & Struggles is committed to providing reasonable accommodations and/or adjustments during our recruitment process. If you are selected for an interview and require an accommodation and/or adjustment, please inform your Talent Acquisition professional.
Additional information on the firm can be found at www.heidrick.com.
Job Description:
Who We Are:
Heidrick & Struggles (Nasdaq: HSII) is a premier provider of global leadership advisory and on-demand talent solutions, serving the senior-level talent and consulting needs of the world's top organizations. In our role as trusted leadership advisors, we partner with our clients to develop future-ready leaders and organizations, bringing together our services and offerings in executive search, diversity and inclusion, leadership assessment and development, organization and team acceleration, culture shaping and on-demand, independent talent solutions. Heidrick & Struggles pioneered the profession of executive search more than 70 years ago. Today, the firm provides integrated talent and human capital solutions to help our clients change the world, one leadership team at a time.®
Additional information on the firm can be found at www.heidrick.com.
The Role:
The Cybersecurity Specialist is responsible for validating that technology services are designed and implemented with high security standards. The role manages and enhances the security of information systems in tandem with their underlying services, addresses legacy and emerging security issues, and implements repeatable operational countermeasures to mitigate risk of exploitation. Additionally, the Cybersecurity Specialist will assess the technical environment for weaknesses and find resolutions before they can be abused, while also participating as a technical subject matter expert in Cybersecurity Incident Response. Considered a highly knowledgeable individual, the Cybersecurity Specialist is expected to showcase to both internal and external clients, auditors, and Heidrick & Struggles management that security best practices are being adhered to. They are expected to provide reasonable assurance and recommend controls to ensure compliance with these standards.
Responsibilities:
Adopt, implement, and enhance security standards for technology services across our environment.Enforce rigorous security controls with internal and external constituents and follow through for verification and consistency.Work in tandem with architects, the security operations center (SOC), incident responders, technology infrastructure and software development team members.Provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by integrated security assessments.Participate in IT projects and change management committees. This includes interacting with business units, technical and non-technical teams to define how projects can be more secure from the beginning.Perform or assist with vulnerability assessments, penetration testing, client due diligence, vendor & product assessments, internal & external audits.Stay up to date with, and utilize security standards, implementation and configuration best practices, security frameworks, publications, and advisories.Participate in trainings and perform other duties assigned.Required Qualifications:
Highly technical and analytical with a proven, deep background in log analytics, detection engineering & incident response.At least 5+ years' experience working in an Information Security domain.Proven experience with network security technologies and protocolsExperience with SOAR, CASB, IAM, SIEM, DLP, WAF/RASP, SAST/SCA/DAST, EPP/EDR, Firewalls, UEM/MDM and other technology tools leveraged by security teams.Solid understanding of Application Security, DevSecOps and Cloud security for all cloud service modelsExperience working with and securing API technologies.Ability to effectively deliver results on several concurrent projectsSolid understanding of best practices emerging from OWASP, NIST and SANS, among others.Effective written and verbal communication skills, with the ability to represent technical details to a non-technical audience.Customer-Centric mindset with Strong Business AcumenPersonal Characteristics: Strong communicator, team player, attentive to detail, flexible, creative, out-of-the-box thinker, responsible, reliable, trustworthy, solutions-oriented mindset.Top of Form
Preferred Qualifications:
Bachelor's degree in Computer Science, Cybersecurity or similar field Master's degree or equivalent preferredExperience with offensive security (penetration testing or red teaming) highly preferredCertifications: GCIH/GWAPT/GPEN, CISSP/CCSP/ CSSLP, OSCP/OSWE/PNPT (or similar)Proficient in at least one programming or scripting language (Python, Bash, PowerShell, JS, Ruby, etc)Experience with XML, JSON, JQ, JWT, OAuth, SAML & OIDC
Top of Form
Heidrick & Struggles is an equal opportunity employer committed to hiring qualified protected veterans and individuals with disabilities. All qualified applicants will be considered for employment without regard to race, color, religion, creed, age, sex, national origin, gender identity or expression, sexual orientation, disability, marital status, veteran or military status, or citizenship status.
Heidrick & Struggles is committed to providing reasonable accommodations and/or adjustments during our recruitment process. If you are selected for an interview and require an accommodation and/or adjustment, please inform your Talent Acquisition professional.