Join The Team
If you have the knowledge, the desire, and the drive, we have a role for you
Junior Associate - PCI QSA / Compliance Consultant
Do you love what you do for a career? Do you want to?
Urbane is seeking the most talented, driven, and intelligent in offensive and defensive security to join our Security Services teams to help secure the largest and most interesting organizations, platforms, and products in the world. From large-scale cloud platforms to the newest mobile applications; global financial processing to regional healthcare providers; cutting edge devops environments to traditional corporate enterprises - Urbane is called on to help organizations face unique, highly technical, and critical challenges.
In this role you’ll assess the unique and technical environments for both merchant and service providers for their compliance to the PCI DSS, provide clearly detailed and technical remediation guidance for any gaps, and serve as an expert resource in helping implement compliance requirements. Given your expertise and drive, you’ll face diverse challenges, including some of the most technically unique environments in the world. You’ll have the opportunity to excel independently while having an expert team drive you to achieve your best and back you up with the diverse challenges you’ll face. To back you up, you’ll have Urbane’s security services team available to provide expert technical opinion and assist with the more technical of environments.
With Urbane you’ll have the power to make a difference and face real challenges: improving environments security, advising teams on the most effective ways to address the core security problems, and address real security problems. Challenges vary week to week and provide a wealth of experience.
Sound like an exciting challenge and a cause you can get behind? Read on.
Who You Are
You should possess the following key character traits:
- Highly technical with hands-on experience in the latest technologies. You don’t just check the box, you dive into the inner workings to understand the how and why. You’ve spent time researching the technical workings of current trends in devops tools, well established cloud service providers, and legacy operating systems alike, and have pondered trust relationships between these environments. You may have even gone so far as to build your own test environments to learn how a solution handles authentication, integrity, or cryptography.
- Creative, out-of-the-box thinker who can leverage various domains of knowledge to create uniquely tailored tests and solutions for complex problems. You evaluate situations for their root cause, and consider the implications of a recommendation prior to making it.
- You’re curious by nature, intrigued by how things work, and have an appetite to find weaknesses in their design and implementation.
- You prefer building, contributing, and leading over falling in line. You’re happy to take the initiative in building a tool or resource that makes everyone’s lives easier.
- Urbane team members value developing long-term client relationships over “drop the mic” moments. You want to provide remediation suggestions that address the core issues, are sustainable, and work within the confines of the target environment.
- You’re passionate about technology and find entertainment in crazy personal projects (i.e., programming a USB Nerf gun and webcam to mess with your cat while you aren’t at home, building an enterprise-grade virtualization environment in your closet, or seeing how many neighbors think your “free” wifi is actually “free”).
- A desire to stay current with the latest technologies, attacks, and hardening strategies. You’re a regular online reader of blogs and social media for the latest in security, enjoy good conference talks, and/or contribute to interesting projects.
- Driven personality, with a desire to continuously improve, put in the hours, and deliver. You take pride in your work, and you want it to be the best you can do.
- Highly organized and detail-oriented with the ability to independently prioritize multiple projects while still balancing personal goals. You recognize when you need help, and aren’t afraid to ask for it.
- Have a strong ethical compass and an understanding of ethics in business and information security. You’ll respect scope limitations, clean up after your attacks, and never access or retain data that isn’t pertinent to the testing.
- Equally comfortable holding your own with a technical audience (especially the Unix-Beards) as well as communicating to a non-technical audience (including the C-Suite), both in writing and verbally.
- Maintain a unique and independent identity, but respect other business’ culture, including dress apparel, level of formality, and work schedules. We maintain a startup-style culture internally, while presenting a clean, elevated, and refined image to the rest of the world.
- Enjoy travel and are a self-proclaimed road warrior (up to 50% of Domestic/International travel may be required). You have (or are able to obtain) a valid US Passport and have built your own set of tips and tricks for your carryon, security checkpoints, and transportation as a business traveler.
- Currently a US citizen or other permanent US resident.
What You Have Done
We care more about knowledge drive over pieces of paper to serve as proof. As such, we’re looking for the following:
- Have either 1-3 years of experience with, whether internally or as a consultant, PCI DSS assessments, IT Compliance Audits, or information security consulting on a variety of defensive technologies and infrastructures.
- Gained a strong technical knowledge and understanding of mixed-technology environments, include diverse operating systems, network hardware, web application languages, administration technologies, authentication mechanisms, and cloud platforms.
- Experienced alignment with multiple information security regulations/standards/frameworks/acronyms to ensure implemented controls meet all applicable standards.
- Learned the core fundamentals of computers and networks, all the way down to protocol stacks.
- Successfully used or implemented open-source solutions to address security and compliance needs.
- Paid enough attention in English class to write good (or is it well?) and know to self-QA deliverables before sending them to others.
What We Prefer (but do not require)
- Currently a PCI QSA or ISA is desirable, but we are willing to sponsor the right candidate who has exceptional breadth and depth of technical knowledge with the drive and desire.
- Are active in industry groups (e.g., ISACA, ISC2, InfraGard, OWASP, DEF CON Groups, City-Sec Meetups, or other security meetups) and/or conferences (e.g., BlackHat, RSAC, DEFCON, ShmooCon, Summercon, THOTCON, BSides, etc.).
- College or equivalent educational experience.
- Have fun acronyms after your name, such as QSA, CISSP, GIAC, CISA, or are not opposed to getting them as needed.
- Located in Chicago-land area or open to relocation, but we are willing to accept the right candidates across the US.
- You prefer the words “information security” or “computer security” over “cyber”.
Who Is Urbane?
Founded in 2009 and headquartered in the land of da Bears, da Bulls, da Delays at O'Hare, and winters leaving you wondering why you haven't moved yet, Urbane is an information security firm focused on elevating the level of security and compliance through uniquely tailored highly-technical engagements. Engaging with a wide array of customers from Fortune to start-ups, our portfolio is never without opportunity to challenge personal skillsets and grow within the organization.
What's In It For You?
- Competitive Salary.
- Standard benefit packages, including Medical/Dental/Vision, paid vacation time, 401k plan, and reimbursable internet/phone/gym plans.
- Training and professional development stipends (yes, this includes conferences!).
- Annual team meetings and occasional team events, including BlackHat / DEF CON week.
- Exotic Travel Locations (like Omaha!)
- Captivating challenges, meaningful work, and ability to grow, both intellectually and within the company.
Up for the challenge?
To apply to join the Urbane team, please email Join Us @ UrbaneSecurity.com with the following:
- Email Subject containing the role you're applying for - The link below will assist in creating a sample email.
- Current Resume - Please attach your current resume in PDF outlining your expereince, skills, and knowledge.
- Who _YOU_ are - Generic cover letters are boring and a guaranteed route to rejection. Introduce yourself to us and outline what makes you unique, skilled, or otherwise interesting. Bonus points for outlining your personal passions or projects (whether it be technology, coffee, music, cooking, travel, athletics, outdoors, crafting, aviation, sailing, or other).
- What does it mean to you to be "Urbane" - Our team provides a top-tier level of delivery, both in technical abilities and in service. Briefly outline what you'll do to make your work "Urbane" in quality.
If you do not receive a response within two weeks, feel free to check in again with our team to ensure we received your application. All of us at Urbane look forward to hearing from you!Click to Email Us To Apply