Security Engineer III - India

The Application Security Engineer is responsible for providing leadership on how to best improve our application security and secure software development lifecycle. This individual is responsible for performing manual application security assessments (application pentests) and communicating any findings to the developers and QA teams. Additionally, the individual will provide design support and security best practice guidance, in the form of consultation, to various development teams and business stakeholders. The individual is also responsible for performing application architecture security reviews and championing security through design and delivery of integrated solution architectures.

Principal Accountabilities
• Providing consulting services at critical points in the SDLC.
• Perform manual security assessments at key points in the SDLC.
• Participate in security architecture reviews.
• Produce documentation (reports) and present findings of manual security assessments.
• Create meaningful metrics on assessments that have been performed and be able to speak to them.
• Be able to train others on tools and processes that you use and be comfortable sharing your knowledge with others.
• Have an interest in continuing your education and staying current within the application security domain.
 

Skills and Software Requirements:
• Experience performing blackbox/greybox/whitebox security assessments of applications (application pentests) which use HTTP and/or proprietary protocols.
• Experience performing manual reviews of application source code for security vulnerabilities written in various languages including: Java, .Net (C#, VB#), C++, *.
• Expert level skills with application security testing tools including: Burpsuite, sqlmap, nmap, etc.
• Experience with application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
• Experience with UNIX or Linux.
• Experience with scripting languages such as: Python, bash, Powershell, etc.
• Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.
• Self-motivated and a self-starter. (If you have a question, find the answer, ask somebody, figure it out, and communicate.)
• Excellent Oral and Written communications skills.

 

CME Group: Where Futures are Made

CME Group is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone’s perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.