Senior Information Security Engineer – Applications

Faegre Drinker Biddle & Reath•Chicago, IL

6h•$120,000 - $130,000

About The Position

Faegre Drinker is a firm designed for clients and designed for you. We understand that our people are critical to our success and we are committed to investing in our paraprofessional, administrative and operations professionals. We are always looking for talented, service-focused individuals to join our flexible and high-performing culture. With technology tools and resources that support our hybrid work environment, our colleagues enjoy a culture of learning, support for work and personal goals, opportunities to give back to our communities, and competitive benefits and rewards programs. At Faegre Drinker, you will have the opportunity to share your expertise within and across teams and contribute to our success. Faegre Drinker has an opportunity for a Senior Information Security Engineer – Applications to work with our Technology, Information Security & Information Governance team in our Chicago, Denver, Florham Park, downtown Indianapolis, Minneapolis, Philadelphia, Princeton, Washington, D.C. or Wilmington offices. You will be part of a dynamic team responsible for ensuring that firm applications and services are designed, developed, and configured in a secure manner. This position will work with other talented individuals who share a passion for doing great work in the best interest of our clients.

Requirements

Ability to problem-solve
Excellent interpersonal, verbal and written communication skills, including the ability to communicate effectively in a virtual environment (e.g., via phone, web/videoconference)
Ability to concentrate on tasks, make decisions and work calmly and effectively in a high-pressure, deadline-orientated environment
Demonstrated ability to use good judgment in taking initiative while asking for direction or clarification and consulting others, as appropriate
Willingness to be flexible with time and adjust to a changing work environment
Ability to build and maintain positive relationships, both internally and externally, while maintaining a client service orientation
Ability to use sound judgment and discretion in dealing with highly confidential information
Ability to take direction and accept supervision
Demonstrated ability to work independently, organize and accurately prioritize work, be detail-oriented, understand when urgency is required and use good judgment in varied situations
Ability to work effectively with co-workers in a team oriented collaborative environment
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent combination of education and relevant experience.
Minimum of eight (8) years of relevant experience in development, quality assurance, or information security technical roles.
Proven expertise in secure software development, including integration of security practices within the Software Development Life Cycle (SDLC).
Deep and broad knowledge of the SDLC, with experience delivering applications and services in Azure and hybrid environments.
Strong understanding of OWASP Top 10 vulnerabilities and secure coding principles.
Hands-on experience in multiple programming languages and conducting thorough code reviews.
Experience performing application-level penetration testing and vulnerability assessments.
Detailed technical knowledge of application, operating system, and network security.
Strong experience with network security, networking technologies, and system, security, and network monitoring tools.
Thorough understanding of current security principles, techniques, and protocols.
Ability to effectively communicate information security issues, risks, and recommendations to both technical and non-technical peers and stakeholders.

Nice To Haves

Relevant professional certifications (e.g., CISSP, CEH, or equivalent) and/or additional education or specialized training in secure software development are highly preferred.

Responsibilities

Leads comprehensive vulnerability and configuration assessments to ensure Azure and on-premises applications and services are secure and aligned with industry best practices.
Performs advanced risk and threat assessments for applications, identifying potential attack paths, misconfigurations, and development flaws.
Executes in-depth application-layer security assessments, including secure code reviews, static and dynamic testing, and vulnerability analysis.
Drives red teaming exercises, secrets management, and proactive identification of application security risks to strengthen defenses.
Provides consistent and proactive updates to the Director, delivering risk-based insights, potential impacts, and recommendations for timely mitigation.
Continuously evaluates downstream impacts of application changes and proactively advises leadership on implications, dependencies, and risk reduction strategies.
Collaborates with internal teams and external service providers to implement and enforce security best practices, ensuring robust application protection.
Serves as a key contributor to security event response as a member of the Security Incident Response Team, providing expert guidance on remediation and mitigation.
Maintains detailed documentation of assessments, findings, and remediation efforts to support metrics, reporting, and continuous improvement of application security programs.
Special projects and other duties as assigned

Benefits

Flexible working environment for work-life success
Opportunity to participate in firm-sponsored volunteer events
Wellness programming with personalized content and activities
Professional environment and the opportunity to work with experts at the top of their fields
Variety of health plan options, as well as dental, vision and 401(k) plans
Generous paid time off

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume