Security Engineer

Job description

RAPP Chicago is looking for a Security Engineer to join our award-winning Technology team.

WHO WE ARE:

We are RAPP – world leaders in activating growth with precision and empathy at scale.

As a global, next-generation precision marketing agency we leverage data, creativity, technology, and empathy to foster client growth. We champion individuality in the marketing solutions we create, and in our workplace. We fight for solutions that adapt to the individual’s needs, beliefs, behaviors, and aspirations.

We foster an inclusive workplace that emphasizes personal well-being.

HOW WE DO IT:

At RAPP, our fearless superconnectors help to create value from personal brand experiences by focusing on three key areas: connected data, connected content and connected decisioning.

Our data analysts identify who that person is, our strategists understand what they want, and our award-winning technologists and creatives know how to deliver it – ensuring we’re able to activate authentic customer connections for our clients.

Part of Omnicom’s Precision Marketing Group, RAPP is comprised of 2,000+ creatives, technologists, strategists, and data and marketing scientists across 15+ global markets

YOUR ROLE:

We are seeking a Security Engineer to support enterprise-wide security and compliance initiatives within a highly secure government cloud environment.  This role ensures ongoing compliance and security through continuous monitoring and evaluation activities, vulnerability management activities, and by supporting secure development and change management processes.  This role will support a government cloud-based system operating at Impact Level ⁴⁄₅ (IL4)/(IL5) in AWS GovCloud operating within the Risk Management Framework (RMF).  This role works closely with a Security Architect and technical and program management leaders to ensure the security posture of the system throughout its lifecycle.  The ideal candidate will have strong attention to detail, a passion for information security, and the ability to work collaboratively within a highly cross functional team environment.

YOUR RESPONSIBILITIES:

• Conduct and analyze vulnerability assessments using automated tools (e.g. Evaluate-STIG), interpret scan results, and coordinate remediation.
• Update RMF required documentation (SSP, SAR, POA&Ms), ensuring it accurately reflects current system status, vulnerabilities, and remediation actions to support ATO renewals and audits.
• Participate in technical change management and secure development processes, reviewing new features for security compliance.
• Support threat modeling activities for system changes, documenting risks and mitigation approaches working with the Security Architect.
• Use compliance/risk management tools (e.g. eMass) to maintain security and risk assessment evidence, track findings, and support remediation activities.
• Collaborate with and support the Security Architect, technical owners, ISSOs, engineers, and program management stakeholders to gather evidence, resolve findings, and verify secure implementation of security related changes.
• Prepare and deliver clear, concise security reports and briefings to security and technical stakeholders
• Remain current on evolving DoD cybersecurity requirements, NIST guidance, AWS GovCloud security practices, and emerging threats.

REQUIRED SKILLS:

• Experience supporting RMF processes and maintaining compliance documentation (NIST 800-53, ATO lifecycle).

• Hands-on experience with vulnerability assessment tools (e.g. Evaluate-STIG), and AWS services.

• Strong analytical, problem-solving, organizational, and technical writing skills.

• Familiarity with vulnerability management, continuous monitoring, and secure change management in cloud environments.

• Demonstrated ability to communicate and collaborate effectively with both technical and program management teams.

• Experience working in or with consulting organizations and/or public sector clients is highly valued.

• One of the following certifications is required to qualify for this role, in accordance with DoD ⁸¹⁴⁰⁄₈₅₇₀ requirements for cybersecurity positions (IAT Level II/III, IAM Level I/II, or CSSP Analyst/Auditor, as appropriate to assignment):

  • CompTIA Security+
  • CompTIA Cybersecurity Analyst (CySA+)
  • CAP (Certified Authorization Professional)
  • CISA (Certified Information Systems Auditor)
  • GSLC (GIAC Security Leadership Certification)
  • CISSP (Associate or full, preferred for some assignments)
  • Other DoD ⁸¹⁴⁰⁄₈₅₇₀-approved certifications appropriate to the position and level

• Candidates must maintain active certification status throughout employment. Additional or higher-level certifications may be required for advancement or based on project needs but are not necessary to apply for this role.

Preferred Qualifications

• Certified Cloud Security Professional ( CCSP) and/or Cloud AWS/Azure/GCP certifications
• Experience in highly regulated industries (government, defense, healthcare, finance)
• Experience with eMASS (DoD) / RMF tools and DISA STIGs, ACAS, Nessus compliance tools

Engagement Type

• Full-time position or consulting engagement.
• May require U.S. citizenship and ability to obtain/hold a security clearance (depending on project needs).

Soft Skills

• Exceptional attention to detail and organizational skills.
• Strong written and verbal communication skills, with the ability to explain complex metadata systems to non-technical users.
• Ability to work collaboratively and cross-functionally with creative, marketing, and IT teams.
• Proactive problem-solver who can identify issues and suggest improvements.
• Time management skills with the ability to prioritize and manage multiple tasks in a fast-paced environment.

Our hybrid work model:

RAPP’s current hybrid model is designed to enable in-person connections and collaboration that is core to our culture, while also supporting flexibility for all employees. As such, we have the option to work from home two days per week, if we’d like.

RAPP provides a competitive salary and comprehensive benefits plan. Benefits for this role include health/vision/dental insurance, 401(k), stock options, Healthcare & Dependent Flexible Spending Accounts, vacation, sick, and personal days and positive activism days, paid parental leave and disability benefits. For more information regarding Omnicom benefits, please visit www.omnicombenefits.com. A reasonable estimate of the salary for this role, at the time of posting, is $81,000 - $98,000. This range is specific to Chicago and multiple factors are considered in making compensation decisions including, but not limited to: skill set, experience and training, certifications; etc. This is an exempt position. If your requirements fall outside of this range, you are still welcome to apply.

“As an EEO/Affirmative Action Employer all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.”

NOTE:  This job description is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.