Location: Chicago, IL
You will be working with a team of highly skilled Application Security Engineers that are responsible with the application security and security testing of CME Group's applications and services. This is a great environment to get exposure to a wide array of technologies in the financial sector, and progress your application security career, while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.
The Senior Application Security Engineer is responsible for performing advanced manual security backssments (pentests) on applications and systems that require specialized knowledge, and provide detailed written reports to key business
stakeholders (management, development teams). Additionally, the individual will provide application design support and security best practice guidance, in the form of consultations, to development teams and business stakeholders.
The individual is also responsible for performing application architecture security reviews and championing security through design and secure coding best practices. This role leads by example by performing all the Application Security team's responsibilities and provides mentorship opportunities for other team members. As a senior technical expert in the Application Security backssment team, this role must effectively communicate with CME technology, business,
and third-party partners. Principal Accountabilities Conduct advanced whitebox application penetration tests (web, thick clients, microservices, APIs) of proprietary and 3rd party on-prem/cloud systems.
Perform targeted manual security reviews at key points in the software development life cycle. Provide technical guidance to team members and other stakeholders (e. g. development teams, product teams, business stakeholders). Perform peer reviews of backssment reports and provide constructive guidance to team members. Identify security defects patterns, formulate remediation plans and work towards company-wide mitigation solutions. Champion security through design and secure coding best practices.
Research cutting-edge tools, techniques, and exploits specific to our environments and products and provide input for strategic visioning / planning. Requirements 8+ years' experience performing whitebox application penetration testing on a variety of systems, applications and technologies; or the ability to demonstrate equivalent knowledge. Advanced knowledge and experience with OWASP Top 10 / SANS 25 vulnerabilities and being able to identify them, provide remediation solutions and present to various stakeholders. Experience performing manual application source code security reviews for various languages such as: Java,Net (C#, VB#), C++.
Strong experience of Windows/UNIX/Linux. Experience with scripting languages such as: Python, bash, Powershell, etc. Experience or strong knowledge of drafting of Security Requirements / Secure Technical Implementation Guidelines. Experience or strong knowledge of cloud and containers technologies. Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates. Self-motivated and a self-starter.
If you have a question, be pro-active in researching the answer and communicate your learnings with teammates. Excellent oral and written communications skills. Nice to have: Experience working in an Agile and Continuous Integration/Continuous Delivery (CI/CD) environment. Automation experience. Knowledge of application reverse engineering and using decompilers. OSCP/OSWE, GWAPT, GMOB, GPYC, or other relevant security certifications are a plus. Education A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.
CME Group: Where Futures Are Made CME Group () is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more. At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone's perspectives are acknowledged and valued.
As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic. The Candidate Privacy Policy can be found here. For more details: jobs-search. org/finance_chicago-c429951/senior-security-engineer-application-penetration-tester-chicago_i1971736440
Engineering jobs encompass various roles focused on designing, developing, and maintaining structures, machines, devices, systems, and materials. These positions require a strong foundation in STEM (Science, Technology, Engineering, Mathematics) and often involve problem-solving, creativity, and technical expertise. Typical engineering disciplines include civil, mechanical, electrical, and chemical engineering, among others. Engineers work in diverse industries, from automotive to aerospace, construction to computing. Characteristics of engineering jobs include a blend of theoretical knowledge and practical application, a commitment to safety and efficiency, and the likelihood of collaborating across multidisciplinary teams.
Engineering jobs encompass a variety of roles focused on designing, developing, and maintaining structures, machines, and systems. These roles often require a strong foundation in math and science, as well as specialized knowledge in disciplines such as civil, mechanical, electrical, or software engineering. Key features of these jobs include solving technical problems, innovating solutions, and improving functionality and efficiency. Engineers typically work in collaborative environments, bridging theoretical concepts with practical applications to advance technology and infrastructure.
Engineering jobs encompass a broad range of careers focused on designing, developing, and maintaining structures, systems, and devices. They are characterized by a strong foundation in mathematics, physics, and technology. Engineers often specialize in fields such as civil, mechanical, electrical, or software, striving for innovation and problem-solving. These roles typically require critical thinking, collaboration, and a relentless pursuit of efficiency and functionality. Engineering careers are instrumental in shaping the future, as they constantly push the boundaries of what's possible in construction, manufacturing, communications, and various other sectors.
Engineering jobs encompass a variety of roles focused on designing, developing, and maintaining systems or structures. These positions often require strong problem-solving skills, technical expertise, and a solid foundation in mathematics and science. Engineers typically work in fields such as civil, mechanical, electrical, chemical, or software engineering. The unique characteristic of engineering jobs lies in their blend of creativity and practicality, as engineers innovate while ensuring functionality and safety. With the ongoing advancement of technology, engineering roles are also evolving, demanding continuous learning and adaptation.
