/r/netsec's Q1 2019 Information Security Hiring Thread

Role: Sr. Cyber Security Engineer (Red Team/Penetration Testing)

Company: CME Group

Location: Chicago, IL

Non-HR: PM me with your application and I can make sure qualified candidates get in front of the proper hiring manager(s).

CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We’re small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.

This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation’s critical infrastructure. The Sr. Cyber Security Engineer - Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet-facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.

Position Responsibilities

  • Conduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.
  • Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.
  • Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.
  • Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.
  • Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.
  • Assist cyber defense teams with critical security incident investigations.
  • Interface with other information security departments, as well as other technology departments and business stakeholders, to raise awareness of security issues and to provide knowledge sharing on remediation.
  • Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.
  • Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.

Position Requirements

  • A minimum of 5+ years’ experience with penetration testing and/or red teaming operations.
  • Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
  • Must have excellent written and oral communication skills.
  • Must have experience with documenting cyber security assessment reports.
  • Expert knowledge of CVSS v3.0 rating and the ability to accurately assess vulnerabilities based on the principal characteristics of a vulnerability.
  • Expert knowledge of Windows and Linux system hardening concepts and techniques.
  • Ability to translate highly technical material/knowledge to non-technical personnel.
  • Knowledgeable in industry security standards (i.e., ISO27002, NIST Cyber Security Framework, etc.).
  • Strongly preferred Certifications: OSCP
  • Preferred Certifications: OSCE, GPEN, GXPN, CRT