- Lead by example and independently perform all functions and services of the GIS AppSec team..
- Conduct advanced web application, micro-services, API, cloud penetration tests of proprietary and 3rd party on-prem/cloud systems and applications.
- Perform targeted manual security reviews at key points in the software development life cycle.
- Perform peer reviews of assessment reports and provide constructive guidance to team members.
- Train others on tools and processes used in AppSec methodology.
- Provide technical guidance to team members and other stakeholders (e.g. development teams, project teams, business stakeholders).
- Provide input for strategic visioning / planning.
- Identify the need and develop new security standards and reference architectures.
- Identify metrics that can help measure performance, gaps in coverage, need for head count, trends in findings.
- Identify and document process improvements and influence team and management support and prioritize changes.
- Establish yourself as a recognized technical expert within the team.
- Have an interest in continuing your education and training and staying current within the application security domain.
- 12+ years' experience performing security assessments of a wide variety of systems, applications and technologies which include both proprietary and industry standard protocols.
- Expert knowledge and experience performing manual security reviews of application source code for security vulnerabilities written in various languages including: Java, .Net (C#, VB#), C++, *.
- Expert level skills with application security testing tools including: Burp Suite Pro, Kali, Checkmarx, sqlmap, nmap, Wireshark, etc.
- Expert knowledge of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities most critical web vulnerabilities and how to identify and remediate them.
- Advanced knowledge of application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
- Advanced knowledge of UNIX/Linux/Windows.
- Advanced knowledge with scripting languages such as: Python, bash, Powershell, etc.
- Experience with drafting of Security Standards, Reference Architectures and Secure Technical Implementation Guidelines.
- Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.
- Self-motivated and a self-starter (If you have a question, find the answer, ask somebody, figure it out, and communicate).
- Excellent Oral and Written communications skills.
- Certifications such as GWAPT, eWPTx, OSCP, OSWE, CISSP, or other relevant certifications are highly preferred.
-
Cyber Security Engineer
1 week ago
NovaWorks Solutions Willis, United StatesAbout the Company · Cogitron - Mind for Systems As a consulting firm with technical roots, we help our clients design their products safely and outstandingly in the context of diverse consulting projects. Sometimes we are helpers, sometimes coordinators, and sometimes auditors. · ...
-
IT Security Engineer
4 days ago
1872 Consulting Chicago, United StatesIT Security Engineer · Identify and Access Management (IAM) Focus · Chicago, IL - 3 days onsite in Loop, 2 days WFH · What you'll be doing · The IT Security Engineer will focus on the IAM function of IT Security, identifying, delivering and supporting the technology used to ...
-
IT Security Engineer
2 days ago
1872 Consulting Chicago, United StatesIT Security Engineer · Identify and Access Management (IAM) Focus · Chicago, IL - 3 days onsite in Loop, 2 days WFH · What you'll be doing · The IT Security Engineer will focus on the IAM function of IT Security, identifying, delivering and supporting the technology used to deli ...
-
Security Engineer
2 days ago
TEKsystems Chicago, IL, United StatesJob Description: · We are seeking a highly skilled Azure Security Engineer with expertise in security products, authentication, authorization, and identity and access management (IAM). As a key member of our security team, you will play a vital role in ensuring the secure and com ...
-
Security Engineer
4 days ago
Circle Chicago, United StatesCircle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data — globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up p ...
-
Security Engineer
2 days ago
Circle Chicago, United StatesCircle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data — globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up p ...
-
Security Engineer
4 days ago
DV Trading Chicago, United StatesJob Description · Job DescriptionAbout Us: · Founded more than 15 years ago and headquartered in Chicago, the DV Group of financial services firms has grown to more than 350 people operating throughout North America and in Europe. Since spinning out of a large brokerage firm in 2 ...
-
Security Engineer
4 days ago
TEKsystems Chicago, United StatesJob Description · Job DescriptionExperience with API Security – understand innerworkings of APIs, can come from a DevOps background with an appreciation for security · Analyze security vulnerabilities · Monitor connectivity of those APIs to make sure they are not allowing connect ...
-
IT Security Engineer
6 days ago
Cascade Innovations Melrose, United StatesAbout xSuite Group GmbH: · For 28 years, we have been passionate about the idea of supporting companies in digitizing and automating their business processes. The path to this goal is through innovative software solutions and competent consulting. In short: through the great work ...
-
Senior Security Engineer-Cyber Security
3 days ago
Relativity Chicago, United StatesAs a Senior Security Engineer, you will ensure the security of Relativity's network and infrastructure. In this role, the main responsibilities will be to investigate and analyze emerging threats against our assets, identities, and clients. You will also provide actionable remedi ...
-
Amazon Chicago, United StatesIn Amazon Stores, we ship some of the widest arrays of technology found at any company. From to world class machine learning pipelines, from cutting-edge digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest A ...
-
Senior Security Engineer-Cyber Security
1 week ago
Relativity Chicago, IL, United StatesHybrid Chicago / Remote United StatesSecurity – Cyber Security /HybridHere at Relativity we prioritize flexibility and work-life harmony. Our Hybrid work environment provides options tailored to your role and location, aiming to enhance engagement, connectivity, and productivity. ...
-
Desktop Security Engineer
6 days ago
HUB International Chicago, United StatesDesktop Security Engineer · An established and growing enterprise organization is seeking an experienced and dedicated Desktop Security Engineer to join our team and take charge of ensuring the security and integrity of our systems. The ideal candidate will have a strong backgrou ...
-
Lead Security Engineer
4 days ago
Informatic Technologies, Inc. Chicago, United StatesThe Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams ...
-
Principal Security Engineer
5 days ago
Glocomms Chicago, United StatesPrincipal Security Engineer · Location: Chicago or Dallas (hybrid, 3-days on-site) · Glocomms are partnered with a leading Financial Services firm in the search for a technically hands-on Principal Security Engineer to join a new division within the organization focusing on techn ...
-
Senior Security Engineer
1 week ago
Shirley Ryan AbilityLab Chicago, United StatesBy joining our team, you'll be part of our life-changing Mission and Vision. You'll work in a truly inclusive environment where diversity and equity are championed through words and actions. You'll contribute to an innovative culture that is second to none, one that embraces curi ...
-
Azure Security Engineer
2 days ago
Trident Consulting Chicago, United StatesTrident Consulting is looking for an Azure Security Engineer for one of our clients · Role: Azure Security Engineer · Location: Chicago IL (Hybrid–Onsite) · Type: Contract · Job Description: · We are seeking a highly skilled Azure Security Engineer with expertise in security pro ...
-
Staff Security Engineer
23 hours ago
Grubhub Chicago, United StatesGrubhub is seeking a Staff Security Engineer to join our Product Security team. As a member of our team you will help us analyze, design and build security technology into our products and services in order to enable trustworthy experiences for Grubhub's diners, merchants, driver ...
-
Security Engineer III
2 days ago
Paragontech Chicago, United StatesIf you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. · Security Engineer III · Full Time · Scott AFB, IL, US · 9 days ago · Requisition ID: 1071 · The Security Engineer III ...
-
Principal Security Engineer
2 days ago
Glocomms Chicago, United StatesPrincipal Security Engineer · Location: Chicago or Dallas (hybrid, 3-days on-site) · Hit Apply below to send your application for consideration Ensure that your CV is up to date, and that you have read the job specs first. · Glocomms are partnered with a leading Financial Serv ...
Lead Security Engineer - Chicago, United States - CME Group
Description
Role Overview The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge, and provide detailed written reports to key business stakeholders (management, development teams).
Additionally, the individual will provide application design support and application security best practice guidance, in the form of consultations, to various development teams and business stakeholders. The individual is also responsible for championing security through design and delivery of integrated solution architectures.
This role leads by example by performing all the Application Security team responsibilities and provides training opportunities for other team members. As a technical lead in the Application Security Assessment team, this role must effectively communicate with CME technology, business, and third-party partners.
Principal Accountabilities
Requirements
Education A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.
CME Group: Where Futures Are Made
CME Group ) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone's perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic.
The Candidate Privacy Policy can be found here.