Senior Security Engineer - API/WEB/Cloud

Job Snapshot

Employee Type: Full-time
Location: Chicago, Illinois
Teams: IT

Job Description

WE CREATE EMPOWERED LEADERS! At Milwaukee Tool we firmly believe that our People and our Culture are the secrets to our success -- so we give you unlimited access to everything you need to create disruptive new technologies and solutions on our ONE-KEY™ Connected Tools Team.

Our ONE-KEY™ Connected Tools Team is responsible for developing and maintaining a collaborative tool and equipment platform that helps jobs run smoother, with fewer headaches along the way. We help users track and lock tools, dial in performance, pull utilization data, and give users the ultimate control over their tools. We strive to deliver customer value, be transparent with work in all directions, embrace empowered, autonomous teams, receive, give, and ask for feedback frequently, and think with an entrepreneurial mindset.

Behind our doors you'll be empowered every day to own it, drive it, and do what it takes to develop and maintain the biggest breakthroughs in the industry. Meanwhile, you'll have the support and resources of the fastest-growing brand in the construction industry to make it happen. Learn more about ONE-KEY™ HERE.

Your Role on Our Team

As a Senior Security Engineer - API/Web/Cloud, you will be directly responsible for maintaining the confidentiality, integrity, and availability of Milwaukee's One Key application. In this position, you will provide information security direction and consultation to development teams and product engineering. You will also be involved with proactive auditing and penetration testing of systems, simulating sophisticated external and internal threats with the goal of uncovering vulnerabilities and testing defenses. This position will play in the selection, development, deployment, monitoring, maintenance, and enhancement of security technology as well as incident investigation.

You'll be DISRUPTIVE through these duties and responsibilities:

  • Manage and configure security testing tools to identify risks as early as possible in the development lifecycle.
    • Work with the development teams to address risks ensuring rapid but secure development.
  • Monitor and ensure security tools and processes are scalable and stable.
  • Perform code reviews to ensure compliance to security policies and controls.
    • Mentor development teams on secure API, web, and cloud coding best practices as necessary.
    • Partner with the development team to automate security testing and reduce repetitive tasks.
  • API, web, and cloud application development for security improvements projects, as necessary.
    • Mentorship, security best practices, reference code, libraries, proof of concepts.
  • Maintain deep understanding of networking, cloud infrastructure (AWS), system hardening and secure API, web, and cloud application development.
  • Partner with API, web, and cloud developers on Red Team/Blue Team testing activities.
  • Monitor, analyze and respond to security events.
  • Participate in on call rotation with your team.
  • Other duties and responsibilities as assigned.

The TOOLS you'll bring with you:

  • Bachelor's degree in Computer Science, Information Systems, Business Administration, or another related field.
  • 7 or more years of hands-on experience in information security technologies such as security design review, threat modeling, risk analysis, security controls and processes such as passive network monitoring, endpoint detection and response, incident response (Managed Detection and Response), and vulnerability management.
  • 2 or more years of experience with web applications or APIs (e.g., AWS API Gateway, C#/.NET Core, Node JS, Python).

Other TOOLS we prefer you to have:

  • Experience with cloud monitoring systems (e.g., CloudWatch, New Relic, Datadog) and audit trails (e.g., Cloud trail).
  • Previous work experience with Agile methodologies such as Scrum or Kanban.
  • Experience working with infrastructure as code (e.g., terraform, CloudFormation, CDK).
  • Experience with secret management services/appliances (e.g., AWS Secrets Manager, HasiCorp Vault, CyberArk).
  • Experience with mobile applications including connectivity with Bluetooth Low Energy and associated hardware/firmware
  • Experience establishing processes and controls aligning to SOC 2 and ISO 27001 certifications
  • Experience with Mobile app development (iOS and/or Android)
  • CISSP, CISM, CISA, CEH, GPEN, GWAPT, GCPN, GMOB, AWS Certified Solutions Architect, AWS Certified DevOps Engineer or similar security certifications
  • Experience with application containerization and implementation of Roles Based Access Controls.
  • Familiarity with AWS security offerings and capabilities (AWS Well-Architected).
  • Familiarity with application hardening solutions (Veracode, SonarQube, AWS Xray, fortify, etc.).
  • Familiarity with DevOps, automated testing, continuous integration/continuous deployment (CI/CD).
  • Familiarity with configuration management tools.
  • Strong communication, analytical, and interpersonal skills.

We provide these great perks and benefits:

  • Robust health, dental and vision insurance plans
  • Generous 401 (K) savings plan
  • Education assistance
  • On-site wellness, fitness center, food, and coffee service
  • And many more, check out our benefits site HERE.
Milwaukee Electric Tool Corporation ("Milwaukee Tool") is an equal opportunity and affirmative action employer seeking to employ and advance in employment qualified persons without discrimination and to not allow harassment of any employee or applicant because of race, ethnicity, color, religion, sex, sexual orientation, gender identity, genetic characteristics, physical or mental disability, national origin, age, status as a protected veteran, and any other status protected by local, state, or federal law.
Apply Now Not ready to Apply?

JOIN OUR TALENT NETWORK

Not ready to apply yet but still interested in building a future here at Milwaukee Tool? Join our Talent Network and be among the first to hear about new job opportunities, hiring events, insider knowledge, company news, and so much more! We look forward to staying connected with you.