Description This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. The Cyber Security Engineer III - Red Team will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.
Position Responsibilities
Lead red team exercises against a hybrid environment using, threat intelligence, and the MITRE ATT&CK Framework
Participate in purple team exercises that are intelligence driven to test cyber detections
Build and maintain red team infrastructure automating functions where possible
Continually research new offensive security tactics, techniques, and procedures
Develop custom tools and tradecraft to automate tasks and increase the capabilities of the team
Conduct ad-hoc penetration testing by using industry standard tools
Participate in advanced social engineering campaigns to raise employee awareness
Contribute to report creation using an appropriate rating to classify severity and prioritize remediation
Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset
Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation
Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning
Position Requirements
A minimum of 5 years' experience with industry standard red teaming tools (Cobalt Strike, Metasploit, Burp Suite, Nmap, Covenant, etc.)
Understanding of purple teaming concepts and tools
Expert knowledge of Red Team concepts and tools
Expert knowledge of measuring and rating vulnerabilities based on principal characteristics of a vulnerability
Expert knowledge in Windows and Linux system hardening concepts and techniques
Expert knowledge of modern evasion and bypass techniques
Expert knowledge creating custom payloads for red team exercises
Experience with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.)
Experience with at least one cloud environment (AWS, GCP, Azure)
Experience attacking cloud environments from initial access all the way through actions on objective
Hands-on experience with cyber security assessment reporting
Knowledgeable in Industry Security standards (ie: ISO27002, NIST Cyber Security Framework, etc..)
Operating knowledge of ITIL (ITIL Certification a plus)
#LI-Hybrid #LI-JSA
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $104,800-$174,600. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone's perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic. The Candidate Privacy Policy can be found here.