Security Engineer III - Application Penetration Tester

  • Remote: No
  • Job Group: Professional
  • Position Type: Full Time
  • Start Date:
  • Minimum Education: Bachelor's Degree
  • Background Check Required: No

About this Job

Required Broad Skills

  • Complex Problem Solving, Critical Thinking, Mathematics, and 6 more.

Required Technical Competencies

  • Application server software, Operating system software, Network security or virtual private network (VPN) management software, and 1 more.

Job Description

As an Application Security Engineer (Application Penetration Tester), you will be responsible for performing manual application security assessments and communicating any findings to the Development and QA teams. Additionally, you will provide application design support and security best practice guidance, in the form of consultations, to various development teams and Business stakeholders.

You will be working with a team of highly skilled Application Security Engineers who are responsible for the application security and security testing of CME Group’s applications and services. This is a great environment to get exposure to a wide array of technologies and progress your application security career, while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.

Required Experience

  • 5+ years’ experience performing whitebox application penetration testing (Web, APIs, Microservices, Mobile, Thick clients); or ability to demonstrate equivalent knowledge

  • Excellent skills with application security testing tools such as: Burp Suite, OWASP ZAP, SQLMap, IDA Pro, Kali, etc.

  • Experience performing manual application source code security reviews for various languages such as: Java, .NET (C#, VB#), C++

  • Experience with UNIX or Linux

  • Experience with scripting languages such as: Python, bash, PowerShell, etc.

  • Knowledge of containers and cloud technologies

  • Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates

  • Self-motivated and a self-starter. If you have a question, be proactive in finding the answer and communicate your learnings with teammates

  • Excellent oral and written communication skills

Preferred Experience

  • Experience working with containers and container orchestration tools

  • Experience working in a DevSecOps and Continuous Integration/Continuous Delivery (CI/CD) environment

  • OSCP/OSWE, GWAPT, GMOB, GPYC, or other relevant security certifications are a plus

Principal Accountabilities

  • Perform manual application penetration testing at key points in the Software Development Life Cycle (SDLC)

  • Produce documentation (reports) and present the findings discovered during your security assessments

  • Provide application security consulting services at critical points in the SDLC

  • Have an interest in continuing your education and staying current within the application security domain

Education

  • A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience