As the world's leading and most diverse derivatives marketplace, CME Group (www.cmegroup.com) is seeking a Cyber Security Engineer III - Threat Simulation to be an integral part of our Offensive Security organization and contribute towards improving CME Group’s security posture.
Responsibilities
1. Participate in the execution of Purple Team cyber exercises of internal and internet-facing information systems and infrastructure.
2. Participate in Red Team activities to identify misconfigurations and cyber security vulnerabilities.
3. Contribute to designing, scoping, and executing Purple Team exercises.
4. Contribute to designing, scoping, and executing threat-intelligence-led Red Team exercises against a hybrid environment.
5. Build and maintain Red and Purple team infrastructure, automating functions where possible.
6. Research new offensive security tactics, techniques, and procedures.
7. Conduct ad-hoc offensive security testing using industry-standard tools.
8. Contribute to report creation activities including compromise narratives and detailed technical findings.
9. Assist cyber defense teams during incident investigations.
10. Interface with other information security departments and business stakeholders.
11. Actively contribute to Red and Purple Team activities for internal presentations and conferences.
Position Requirements
1. 5+ years’ experience with industry-standard penetration testing tools (Cobalt Strike, Metasploit, Burp Suite, Nmap, Covenant, etc.), or the ability to demonstrate equivalent knowledge.
2. Strong understanding of MITRE ATT&CK framework tactics, techniques and procedures.
3. Strong understanding of Purple Team concepts, tools, and automation strategies.
4. Strong understanding of measuring and rating vulnerabilities.
5. Strong understanding of Windows and Linux system hardening concepts and techniques.
6. Experience with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
7. Experience with at least one cloud environment (AWS, GCP, Azure).
8. Experience modifying payloads to bypass detections like EDR.
9. Experience attacking cloud, on-prem and/or hybrid environments.
Nice to Have
1. Previous experience of Purple Team project delivery.
2. Experience of using Purple Team automation tools.
3. Experience of using automated configuration management such as Chef.
4. Experience of conducting Offensive Security and/or Purple Team exercises against macOS and ChromeOS.
5. Understanding of how an Advanced Persistent Threat could compromise a financial institution.
6. Recognized industry certifications such as GPEN, GXPN, GREM, OSCP, etc.
7. Knowledgeable in industry security standards (e.g., TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002).
8. Knowledgeable in Agile project management.
Company Benefits
* Bonus Programme
* Equity Programme
* Employee Stock Purchase Plan (ESPP)
* Private Medical and Dental coverage
* Income Protection
* Life Assurance
* Cycle To Work
* Family Leave
* Education Assistance – MBA/Advanced Degree/Bachelor Degree
* Ongoing Employee Development Training/Certification