Lead Security Engineer
3 weeks ago
Role Overview The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge, and provide detailed written reports to key business stakeholders (management, development teams).
Additionally, the individual will provide application design support and application security best practice guidance, in the form of consultations, to various development teams and business stakeholders. The individual is also responsible for championing security through design and delivery of integrated solution architectures.
This role leads by example by performing all the Application Security team responsibilities and provides training opportunities for other team members. As a technical lead in the Application Security Assessment team, this role must effectively communicate with CME technology, business, and third-party partners.
Principal Accountabilities
- Lead by example and independently perform all functions and services of the GIS AppSec team..
- Conduct advanced web application, micro-services, API, cloud penetration tests of proprietary and 3rd party on-prem/cloud systems and applications.
- Perform targeted manual security reviews at key points in the software development life cycle.
- Perform peer reviews of assessment reports and provide constructive guidance to team members.
- Train others on tools and processes used in AppSec methodology.
- Provide technical guidance to team members and other stakeholders (e.g. development teams, project teams, business stakeholders).
- Provide input for strategic visioning / planning.
- Identify the need and develop new security standards and reference architectures.
- Identify metrics that can help measure performance, gaps in coverage, need for head count, trends in findings.
- Identify and document process improvements and influence team and management support and prioritize changes.
- Establish yourself as a recognized technical expert within the team.
- Have an interest in continuing your education and training and staying current within the application security domain.
Requirements
- 12+ years' experience performing security assessments of a wide variety of systems, applications and technologies which include both proprietary and industry standard protocols.
- Expert knowledge and experience performing manual security reviews of application source code for security vulnerabilities written in various languages including: Java, .Net (C#, VB#), C++, *.
- Expert level skills with application security testing tools including: Burp Suite Pro, Kali, Checkmarx, sqlmap, nmap, Wireshark, etc.
- Expert knowledge of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities most critical web vulnerabilities and how to identify and remediate them.
- Advanced knowledge of application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
- Advanced knowledge of UNIX/Linux/Windows.
- Advanced knowledge with scripting languages such as: Python, bash, Powershell, etc.
- Experience with drafting of Security Standards, Reference Architectures and Secure Technical Implementation Guidelines.
- Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.
- Self-motivated and a self-starter (If you have a question, find the answer, ask somebody, figure it out, and communicate).
- Excellent Oral and Written communications skills.
- Certifications such as GWAPT, eWPTx, OSCP, OSWE, CISSP, or other relevant certifications are highly preferred.
Education A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone's perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic.
The Candidate Privacy Policy can be found here.
-
Lead Security Engineer
3 days ago
Chicago, United States Informatic Technologies Full timeThe Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams). Additionally, the individual will provide application design support and...
-
Lead Security Engineer
5 days ago
Chicago, United States Informatic Technologies, Inc. Full timeThe Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams).Additionally, the individual will provide application design support and...
-
Lead Security Engineer
5 days ago
Chicago, United States Informatic Technologies, Inc. Full timeThe Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams).Additionally, the individual will provide application design support and...
-
Lead Security Engineer
4 days ago
Chicago, United States Informatic Technologies, Inc. Full timeThe Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge and providing detailed written reports to key business stakeholders (management, and development teams).Additionally, the individual will provide application design support and...
-
Lead Security Engineer
4 weeks ago
Chicago, United States CME Group Full timeDescription Role Overview The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge, and provide detailed written reports to key business stakeholders (management, development teams). Additionally, the individual will provide application...
-
Lead Security Engineer
3 weeks ago
Chicago, United States Chicago Mercantile Exchange Inc. Full timeDescription Role Overview The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge, and provide detailed written reports to key business stakeholders (management, development teams). Additionally, the individual will provide application...
-
Lead Software Engineer
2 weeks ago
Chicago, Illinois, United States Center for Research in Security Prices (CRSP) Full timeAbout UsCRSP is a leader in providing research-quality data to scholars and investors, advancing the body of knowledge in finance, economics, and related disciplines for over 60 years. Nearly 500 leading academic institutions in 35 countries around the world rely on CRSP data for quality and timely academic securities research.Current projects include...
-
Lead Security Engineer
1 month ago
Chicago, IL, United States CME Group Full timeDescription Role Overview The Lead Security Engineer Application Security is responsible for performing advanced manual security assessments on applications and systems that require specialized knowledge, and provide detailed written reports to key business stakeholders (management, development teams). Additionally, the individual will provide application...
-
Lead Infrastructure Engineer
2 weeks ago
Chicago, United States HiresRight, Inc. Full timeAbout the job Lead Infrastructure Engineer Lead Infrastructure Engineer: EDX EDX is seeking a full-time Lead Infrastructure Engineer, responsible for implementing and maintaining the architecture of a highly available, high performance distributed system that processes trades and interacts with the blockchain and banking systems. In this position you will...
-
Security Lead Officer
8 hours ago
Chicago, United States Secureone Security Services Full timeJob DescriptionJob DescriptionSecureone Security Services is seeking to hire a Site Supervisor (SS). The Site Supervisor is responsible for supervising the security operations of their assigned site, inspection of officers who work at the site, and training/operational support of the branch.PAY: $20.04ESSENTIAL FUNCTIONS/DUTIES:Leadership skills to provide...
-
Blockchain Security Engineer
4 weeks ago
Chicago, Illinois, United States Jump Trading Full timeJump Crypto is the crypto division of Jump Trading Group, a research driven quantitative trading firm that's one of the largest traders by volume across traditional asset classes.Jump Crypto is committed to building and standing up critical infrastructure needed to catalyze the growth of the crypto ecosystem.As a Blockchain Security Engineer at Jump Crypto,...
-
Security Sales Consultant
3 weeks ago
Chicago, United States SMG Security Full timeCareers At SMG Security Holdings LLC (SMG) Join our team and make an impact in the Fire and Security industry! We are seeking highly motivated individuals who are passionate about making a difference. Select a job opening below to apply directly through our application portal. The Security Sales Consultant is responsible for building and growing new business...
-
Principal Security Engineer
2 weeks ago
Chicago, United States Glocomms Full timePrincipal Security EngineerLocation: Chicago or Dallas (hybrid, 3-days on-site)Glocomms are partnered with a leading Financial Services firm in the search for a technically hands-on Principal Security Engineer to join a new division within the organization focusing on technology strategy and innovation. The new division has been founded to research new and...
-
Principal Security Engineer
2 weeks ago
Chicago, United States Glocomms Full timePrincipal Security EngineerLocation: Chicago or Dallas (hybrid, 3-days on-site)Glocomms are partnered with a leading Financial Services firm in the search for a technically hands-on Principal Security Engineer to join a new division within the organization focusing on technology strategy and innovation. The new division has been founded to research new and...
-
Senior Security Engineer
3 weeks ago
Chicago, United States Bank of America Full timeDescription : The Information Security Engineer will lead strategic security efforts to expand technology offerings within the Merchant and Small Business technology portfolio. This role will work across various security and technology teams to define, drive, and deliver major security components to meet program objectives. Knowledge and experience...
-
Security Engineer
4 weeks ago
Chicago, United States Motion Recruitment Full timeJob Title: Security Engineer Location: Chicago, IL (Hybrid, MUST be in the Greater Chicago Area) Job Description: We're looking for an experienced Security Engineer to fortify our team's efforts in safeguarding our systems against potential threats. As a Security Engineer, you'll play a critical role in ensuring the integrity of our infrastructure,...
-
Security for Fast Food Restaurant
4 days ago
Chicago, United States Universal Security Full timeUniversal Security Chicago, IL 60660 $18 an hour **Who we are...** Universal Security, a Chicago-based company founded and led by a former Chicago Police Officer, has been a trusted provider of professional security services for over three decades. Our unwavering commitment is to become the leading security provider in the industry, fostering a...
-
Security Engineer
3 days ago
Chicago, United States Circle Full timeCircle is a financial technology company at the epicenter of the emerging internet of money, where value can finally travel like other digital data — globally, nearly instantly and less expensively than legacy settlement systems. This ground-breaking new internet layer opens up previously unimaginable possibilities for payments, commerce and markets that...
-
Security Officer
4 weeks ago
Chicago, Illinois, United States Inter - Con Security Systems Inc Full timeAs an Unarmed Security Officer, you will be utilized throughout various Chicago Transit Authority (CTA) rail stations, and rail system.As an Unarmed Security Officer, you are an integral part of the broad spectrum of specialized security services Inter-Con provides its clients every day.The completion of an approved twenty (20) hour, Basic Unarmed Security...
-
Azure Lead DevOps Engineer
2 weeks ago
Chicago, United States Resource Logistics Full timeRole : Clienture Lead DevOps Engineer Location : Chicago IL - 3 Days in client office & 2 days remote Contract The Clienture Lead DevOps Engineer will work within the global Clienture Cloud Services team who are responsible for building highly resilient, scalable, reusable and performant Clienture infrastructure in an automated and efficient manner. ...