isecjobs.com

Security Engineer II - Application Penetration Tester

Chicago - 20 S. Wacker, United States

Full Time Mid-level / Intermediate USD 91K - 152K
Company logo

CME Group

View all jobs at CME Group

Apply now Apply later

Security Engineer II - Application Penetration Tester
Role is hybrid (2day per week on site) in our Chicago IL office location.

We are not able to support remote and out of IL state employment.

Description

The Application Penetration Tester is responsible for performing manual application security assessments (application pentests) and communicating any findings to the Development and QA teams.  Additionally, the engineer will provide application design support and security best practice guidance, in the form of consultations, to various development teams and business stakeholders.

You will be working with a team of highly skilled Application Security Engineers that are responsible with the application security and security testing of CME Group’s applications and services.  This is a great environment to get exposure to a wide array of technologies and progress your application security career, while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.

Requirements

  • 4+ years’ experience performing blackbox and/or whitebox application penetration testing (Web, APIs, Mobile, Thick clients).

  • Advanced skills with application security testing tools such as: Burpsuite, OWASP ZAP, SQLMap, IDA Pro, Kali, etc.

  • Knowledge on how to perform manual application source code security reviews for various languages such as: Java, .Net (C#, VB#), C++.

  • Experience with UNIX or Linux.

  • Experience with scripting languages such as: Python, bash, Powershell, etc.

  • Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates.

  • Self-motivated and a self-starter. If you have a question, be pro-active in finding the answer and communicate your learnings with teammates.

  • Excellent oral and written communications skills.

Nice to have:

  • Experience working in a DevSecOps and Continuous Integration/Continuous Delivery (CI/CD) environment.

  • Experience with Cloud (GCP) or Containers (Docker, Kubernetes).

  • Experience with micro-service architectures.

  • OSCP/OSWE, GWAPT, eWAPTx or other relevant security certifications.

Principal Accountabilities

  •  Perform manual whitebox/blackbox application penetration testing at key points in the Software Development Life Cycle for in-house or 3rd party developed software.

  • Produce detailed documentation (reports) and present the findings discovered during your security assessments to our stakeholders (Management, Development).

  • Provide application security consulting services at critical points in the SDLC.

  • Have an interest in continuing your education and staying current within the application security domain. 

Education

  • A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.

    #LI-Hybrid
    #LI-DS
    #dice
     

CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $91,400-$152,300. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.

CME Group : Where Futures are Made

CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone’s perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic. 

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.

Apply now Apply later
Job stats:  2  0  0
Categories: PenTesting Jobs Security Engineering Jobs

Tags: APIs Application security Bash Burp Suite C CI/CD Cloud Computer Science DevSecOps Docker GCP GWAPT IDA Pro Java Kali Kubernetes Linux OSCP OSWE OWASP Pentesting PowerShell Python Scripting SDLC Security assessment UNIX

Perks/benefits: Career development Competitive pay Equity / stock options Health care Salary bonus

Region: North America
Country: United States

More jobs like this

« Back to job search To the top ↑

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

Information Systems Security Officer jobsInformation System Security Officer jobsInformation Security Officer jobsSenior Cybersecurity Engineer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsCyber Security Specialist jobsIT Security Engineer jobsSystems Engineer jobsSenior Network Security Engineer jobsSystems Administrator jobsSenior Information Security Analyst jobsSecurity Consultant jobsSenior Cyber Security Engineer jobsSecurity Specialist jobsIT Security Analyst jobsChief Information Security Officer jobsInformation System Security Officer (ISSO) jobsInformation Systems Security Engineer jobsThreat Intelligence Analyst jobsSenior Penetration Tester jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Information Security Engineer jobsCyber Threat Intelligence Analyst jobs
Encryption jobsTop Secret jobsGDPR jobsSaaS jobsSplunk jobsMalware jobsEDR jobsRMF jobsSDLC jobsBash jobsSQL jobsForensics jobsIDS jobsThreat detection jobsIPS jobsActive Directory jobsFinance jobsDoDD 8570 jobsIntrusion detection jobsITIL jobsCompTIA jobsCRISC jobsDocker jobsTerraform jobsGIAC jobs
OWASP jobsHIPAA jobsSOC 2 jobsClearance Required jobsSANS jobsUNIX jobsCCSP jobsIndustrial jobsSAP jobsOSCP jobsJavaScript jobsVPN jobsTCP/IP jobsAnsible jobsBanking jobsDNS jobsPolygraph jobsSOX jobsData Analytics jobsMachine Learning jobsIT infrastructure jobsJira jobsCISO jobsVMware jobsNIST 800-53 jobs