Manager Cyber Security - Cyber Threat Simulation

  • CME Group,
  • Chicago, Il, United States, IL
  • 10 hours ago
Full Time

Job Description

Description

CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com .

This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. The Manager of Cyber Threat Simulation team will be a vital leader within the Global Information Security Team. This role is responsible for participating and leading a team in the execution of network penetration testing of internal and externally facing information systems and infrastructure. Additionally, the role provides the vision and execution of red on blue team activities, purple teaming strategies, zero-day analysis, and input into the company's cyber wargame program, among other responsibilities designed to protect and defend CME Group.

Position Responsibilities

  • Lead and mentor a team that conducts network penetration testing utilizing best industry practices and tools
  • Engage in regular adversarial testing designed to emulate TTPs of adversaries, whereby both infrastructure (code, system and network) and process (signal, monitoring, detection, and incident response) are in scope for evaluation
  • Participate in red team initiatives which involve intelligence-driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity
  • Assess broad areas of infrastructure through non-adversarial activities such as purple-teaming, zero-day exploit testing, project assessments, and validation of alerts and detections
  • Managing successful execution of regulatory and customer facing penetration testing and associated findings
  • Assist cyber defense teams with critical security incident investigations and help to prepare the detection and response process through design and execution of a robust purple-team program
  • Develop personal and team technical and professional growth. Serve as a technical resource providing mentorship, guidance and advice to project team members. Provides technical assistance and follow through to team members on complex problems
  • Work with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation
  • Evaluate, select and manage third party cyber security vendors for the purposes of conducting independent assessments of the environment, such as external penetration assessments, internal penetration assessments and indicators of compromise scanning
  • Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities
  • Help manage findings and projects; ensure compliance, measure, improve


Position Requirements

  • A minimum of 10 years' experience with penetration testing and/or red teaming operations
  • Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors
  • Must have excellent written and oral communication skills
  • Must have experience with documenting cyber security assessment reports
  • Expert knowledge of MITRE ATT&CK framework, GFMA, CREST STAR/CBEST, and NIST 800-115 and 800-53 CA8 as well as CVSS v3.0 rating framework
  • Expert knowledgeable in Windows, Linux, Mac, mobile Oss and network system hardening concepts and techniques, and how to circumvent them
  • Ability to translate highly technical material/knowledge to non-technical personnel
  • Knowledgeable in Industry Security standards (i.e.: ISO27002, NIST Cyber Security Framework, etc.)
  • Preferred Certifications: OSCP, OSCE, GPEN, GXPN, CRT, CREST


For EU Residents, the Candidate Privacy Policy can be found here.
Dice Id : CHIMERCX
Position Id : 7543242
Originally Posted : 1 month ago
Have a Job? Post it