Security Engineer I
- Chicago, IL, USA
- Permanent, Full time
- Chicago Mercantile Exchange
- 19 Mar 19
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.
The Application Security Engineer is responsible for performing manual application security assessments (application pentests) and communicating any findings to the developers and QA teams. Additionally, the individual will provide design support and security best practice guidance, in the form of consultation, to various development teams and business stakeholders. The individual is also responsible for performing application architecture security reviews through design and delivery of integrated solution architectures.
You will work with a very interesting team of highly skilled application security engineers. This is a great environment to progress your application security career while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.
- Manual review of source code (Java, C#, C++, *) for security vulnerabilities
- Dynamic assessment of HTTP and proprietary protocols
- Development of bespoke assessment tools
- Driving application security awareness and remediation of identified vulnerabilities
- Development of in-house tools to integrate with CME Group SDLC and to track and derive security metrics
- Implementation of static and dynamic automated security testing tools and their deployment within Continuous Integration systems
- A demonstrable passion for application security
- 2 years' experience performing application security assessments both with and without source code
- Strong development background, Bachelor's in Computer Science preferred
- Full-stack knowledge of web and network applications. Familiarity with TIBCO and other message queues a plus, but you should be able to learn them quickly
- Continuous integration, static analysis (Fortify, Coverity, and/or Veracode), and/or dynamic scanning tools (WebInspect, AppScan, NTObjectives)
- OSCP/OSWE, GWAPT, GMOB, GPYC, or other relevant security certifications