Sr. Cyber Security Engineer - CME Group Chicago, IL, USA Bookmark Share Print 599 1 4

Listing Description

Description

This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation’s critical infrastructure. The Sr. Cyber Security Engineer – Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for leading the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.

Position Responsibilities

Conduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.

Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.

Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.

Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.

Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.

Assist cyber defense teams with critical security incident investigations.

Interface with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.

Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.

Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.

Position Requirements

A minimum of 5+ years’ experience with penetration testing and/or red teaming operations.

Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.

Must have excellent written and oral communication skills.

Must have experience with documenting cyber security assessment reports.

Expert knowledge of CVSS v3.0 rating and can accurately assess vulnerabilities based on the principal characteristics of a vulnerability.

Expert knowledgeable in Windows and Linux System hardening concepts and techniques.

Ability to translate highly technical material/knowledge to non-technical personnel.

Knowledgeable in Industry Security standards (ie: ISO27002, NIST Cyber Security Framework, etc..).

Mandatory Certifications: OSCP

Preferred Certifications: OSCE, GPEN, GXPN, CRT

Additional Job Description

Additional Job DescriptionConduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.

Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.

Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.

Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.

Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.

Assist cyber defense teams with critical security incident investigations.

Interface with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.

Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.

Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.