Job Description
Description
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at .
This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. The Cyber Security Engineer III - Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.
Position Responsibilities
Position Requirements
CME Group: Where Futures Are Made
CME Group ( is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at .
This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. The Cyber Security Engineer III - Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.
Position Responsibilities
- Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework
- Participate in purple team exercises that are intelligence driven to test cyber detections
- Build and maintain red team infrastructure automating functions where possible
- Continually research new offensive security tactics, techniques, and procedures
- Develop custom tools and tradecraft to automate tasks and increase the capabilities of the team
- Conduct ad-hoc penetration testing by using industry standard tools
- Participate in advanced social engineering campaigns to raise employee awareness
- Contribute to report creation using an appropriate rating to classify severity and prioritize remediation
- Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset
- Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation
- Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning
Position Requirements
- A minimum of 7 years' experience with industry standard penetration testing tools (Cobalt Strike, Metasploit, Burp Suite, Nmap, Covenant, etc.)
- Expert knowledge of red team concepts and tools
- Understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing
- Expert knowledge of measuring and rating vulnerabilities based on principal characteristics of a vulnerability
- Expert knowledge in Windows and Linux system hardening concepts and techniques
- Expert knowledge of modern evasion and bypass techniques
- Expert knowledge creating custom payloads for red team exercises
- Experience with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.)
- Experience with at least one cloud environment (AWS, Google Cloud Platform, Azure)
- Experience attacking cloud environments from initial access all the way through actions on objective
- Understanding of purple teaming concepts and tools
- Recognized industry certifications (GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT etc.)
- Hands-on experience with cyber security assessment reporting
- Knowledgeable in Industry Security standards (ie: ISO27002, NIST Cyber Security Framework, etc..)
- Operating knowledge of Agile project management
CME Group: Where Futures Are Made
CME Group ( is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.