Security Engineer - Application Penetration Tester

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • Chicago Mercantile Exchange
  • 26 May 19

CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

To learn more about what a career at CME Group can offer you, visit us at .

The Application Penetration Tester is responsible for performing manual application security assessments (application pentests) and communicating any findings to the Development and QA teams.  Additionally, the engineer will provide application design support and security best practice guidance, in the form of consultations, to various Development teams and Business stakeholders.

You will work with a team of highly skilled Application Security Engineers who are responsible for testing the security of CME Group's applications and services. This is a great environment to get exposure to a wide array of technologies and progress your application security career, while providing value to CME and helping to ensure that our applications are designed and coded in a secure fashion.


  • 1+ years' experience performing blackbox and/or whitebox web application penetration testing.
  • Advanced skills with application security testing tools such as Burp Suite, OWASP ZAP, sqlmap, Kali, etc.
  • Ability to interpret code in various languages such as Java, .NET (C#, VB#), C++.
  • Have a passion for application security, willingness to continue growing your skills in this domain, and be able to share your passion and learnings with teammates.
  • Excellent oral and written communications skills.

Nice to have:
  • Experience with UNIX or Linux is a plus.
  • Experience with scripting languages such as Python, Bash, PowerShell is a plus.
  • Experience with containers (Docker, Kubernetes) is a plus.
  • Experience with DevSecOps and Continuous Integration/Continuous Delivery (CI/CD) is a plus.
  • OSCP/OSWE, GWAPT, GMOB, GPYC, or other relevant security certifications are a plus.

Principal Accountabilities
  • Perform manual application penetration testing at key points in the Software Development Life Cycle (SDLC).
  • Produce documentation (reports) and present the findings discovered during your security assessments.
  • Have an interest in continuing your education and staying current within the application security domain.

  • A Bachelor's or Master's degree in Computer Science, Information Systems or other related discipline is required; or equivalent combination of education and relevant proven work experience.

For EU Residents, the Candidate Privacy Policy can be found here.