Security Engineer II - Application Penetration Tester


  •   3 Job Openings

Experience: 2 - 5

Employee type: Full Time

Position: Experienced Professional

Offer Salary: $ 91,400 - $ 152,300 /annually

Job Description

The Application Penetration Tester will perform manual security assessments, identify vulnerabilities, and provide security best practices to Development and QA teams. This hybrid role requires 2 days on-site per week at our Chicago, IL office. Remote work and out-of-state employment are not supported.

Description 

 

The Application Penetration Tester is responsible for performing manual application security assessments (application pentests) and communicating any findings to the Development and QA teams.  Additionally, the engineer will provide application design support and security best practice guidance, in the form of consultations, to various development teams and business stakeholders. 

 

You will be working with a team of highly skilled Application Security Engineers who are responsible for the application security and security testing of CME Group’s applications and services. This is a great environment to get exposure to a wide array of technologies and progress your application security career, while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.

 

Requirements 

4+ years’ experience performing blackbox and/or whitebox application penetration testing (Web, APIs, Mobile, Thick clients). 

Advanced skills with application security testing tools such as: Burp Suite, OWASP ZAP, SQLMap, IDA Pro, Kali, etc.

Knowledge of how to perform manual application source code security reviews for various languages such as: Java, .NET (C#, VB#), C++.

Experience with UNIX or Linux. 

Experience with scripting languages such as: Python, Bash, PowerShell, etc.

Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates. 

Self-motivated and a self-starter. If you have a question, be proactive in finding the answer and communicate your learnings with teammates.

Excellent oral and written communication skills.

 

Nice to have: 

Experience working in a DevSecOps and Continuous Integration/Continuous Delivery (CI/CD) environment. 

Experience with Cloud (GCP) or Containers (Docker, Kubernetes). 

Experience with micro-service architectures. 

OSCP/OSWE, GWAPT, eWAPTx or other relevant security certifications. 

 

Principal Accountabilities 

Perform manual whitebox/blackbox application penetration testing at key points in the Software Development Life Cycle for in-house or 3rd party developed software.

Produce detailed documentation (reports) and present the findings discovered during your security assessments to our stakeholders (Management, Development).

Provide application security consulting services at critical points in the SDLC. 

Have an interest in continuing your education and staying current within the application security domain.  

 

Education 

A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required, or equivalent combination of education and relevant proven work experience. 
 

Skills
Python Core Java UNIX Linux APIs C++ VB#