Security Engineer II

  • Competitive
  • Chicago, IL, USA
  • Permanent, Full time
  • Chicago Mercantile Exchange
  • 16 Dec 18

Security Engineer II

CME Group: Where Futures Are Made

CME Group ( is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

The Application Security Engineer is responsible for performing manual application security assessments (application pentests) and communicating any findings to the developers and QA teams. Additionally, the individual will provide design support and security best practice guidance, in the form of consultation, to various development teams and business stakeholders. The individual is also responsible for performing application architecture security reviews through design and delivery of integrated solution architectures.

You will work with a very interesting team of highly skilled application security engineers. This is a great environment to progress your application security career while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.


  • Experience performing blackbox/whitebox security assessments of applications (web, mobile, thick clients)
  • Experience performing manual reviews of application source code for security vulnerabilities written in various languages including: Java, .Net (C#, VB#), C++, *.
  • Advanced level skills with application security testing tools including: Burpsuite, sqlmap, nmap, etc.
  • Experience with UNIX or Linux.
  • Experience with scripting languages such as: Python, bash, Powershell, etc.
  • Have a passion for application security and be able to share your passion and learnings with teammates and customers.
  • Self-motivated and a self-starter. If you have a question, be pro-active in finding the answer and communicate your learnings with teammates.
  • Excellent oral and written communications skills.

Principal Accountabilities
  • Perform manual security assessments at key points in the SDLC.
  • Produce documentation (reports) and present findings of manual security assessments.
  • Provide application security consulting services at critical points in the SDLC.
  • Have an interest in continuing your education and staying current within the application security domain.

  • A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.

  • OSCP/OSWE, GWAPT, GMOB, GPYC, or other relevant security certifications

For EU Residents, the Candidate Privacy Policy can be found here.