Sr. Security Engineer - Red Team - NY

CME GroupNew York, NY
10h

About The Position

Join the Global Information Security (GIS) department at CME Group as a Sr. Cyber Security Engineer - Threat Simulation. You will be an integral part of our Offensive Security organization, directly contributing to improving CME Group’s security posture. This high-impact role is responsible for the execution of Red Team adversary emulations against our complex hybrid environment, proactively testing and strengthening our internal and internet-facing systems. You'll also be a key participant in Purple Team activities to continuously improve the organization's cyber detection and response capabilities. This is a perfect opportunity for a sharp, action-oriented engineer to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure. What You'll Get Elevate your expertise in a supportive environment fostering continuous learning, rapid career progression, and an inclusive, global team culture. Gain broad exposure to CME Group's diverse products, asset classes, and cross-functional teams, expanding your impact across critical financial infrastructure. Receive a competitive salary and comprehensive benefits package. What You'll Do As a key member of our offensive security team, you will:

Requirements

  • 5+ years’ experience wielding industry-standard penetration testing and adversary emulation tools (e.g., Cobalt Strike, Sliver, Mythic, Bloodhound, Burp Suite).
  • Expert understanding of the MITRE ATT&CK Framework and advanced evasion techniques used to bypass modern security controls.
  • Strong comprehension of the cyber kill chain and the full lifecycle of an Advanced Persistent Threat (APT) targeting financial institutions.
  • Proficiency in at least one scripting language (e.g., Python, PowerShell) and experience with a compiled language (e.g., Go, C#) for tool development.
  • Deep experience attacking and securing complex cloud, on-prem, and hybrid environments, from initial access through actions on objective.
  • Solid knowledge of Windows and Linux system hardening concepts, Purple Team automation strategies, and vulnerability rating methodologies.
  • Proven experience with security within at least one major cloud provider (e.g., AWS, Azure, GCP).

Nice To Haves

  • Previous hands-on experience performing sophisticated adversary emulations/simulations specifically within the financial services sector.
  • A recognized offensive security industry certification (e.g., OSCP, GPEN, GXPN, OSWE, eCPTX) demonstrating specialized, high-impact skills.
  • Familiarity with modern enterprise security standards and frameworks (e.g., TIBER-EU, CBEST, NIST CSF).
  • Experience conducting offensive security exercises against emerging technologies, such as AI/ML systems or macOS.

Responsibilities

  • Execute high-impact Red Team exercises against our complex hybrid cloud environments, driven by real-world threat intelligence and the MITRE ATT&CK Framework.
  • Engineer and maintain robust Red and Purple Team infrastructure, continuously automating processes for efficiency and scale.
  • Co-design and lead joint Purple Team exercises, directly partnering with cyber defense to improve detection and response capabilities.
  • Innovate through continuous research into new offensive security TTPs (Tactics, Techniques, and Procedures) and drive knowledge transfer across the security organization.
  • Conduct specialized, ad-hoc offensive security tests utilizing industry-leading and internally developed tooling to uncover subtle security gaps.
  • Author comprehensive post-exercise reports, including detailed technical findings, compromise narratives, and strategic, risk-rated recommendations for remediation.
  • Mentor cyber defense teams during incident investigations, providing critical subject matter expertise on attacker tradecraft and mindset.
  • Champion security awareness and technical knowledge-sharing by collaborating with information security, technology, and business stakeholders.

Benefits

  • competitive salary
  • comprehensive benefits package
  • annual target bonus opportunity
  • opportunity to become an owner in the company through our broad-based equity program
  • comprehensive health coverage
  • retirement package that includes both a 401(k) and an active pension plan
  • highly competitive education reimbursement provisions
  • paid time off
  • mental health benefit
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service