Security Engineer II - India

About the role

The Application Security Engineer is responsible for performing manual application security assessments (application pentests) and communicating security findings to the developers and QA teams. Additionally, the individual will provide application design support and security best practice guidance, in the form of consultations, to various development teams and business stakeholders. This individual will also actively promote security through engaging interactive workshops and exercises, such as internal Capture The Flag (CTF) events. Principal Accountabilities Serve as the primary application security resource for development teams, offering security consulting and best practice guidance throughout the Software Development Life Cycle (SDLC). Perform manual security assessments at key points in the SDLC. Produce documentation (reports) and present findings of manual security assessments to various stakeholders. Contribute to automation initiatives, including the integration of new security tools and processes (e.g., AI). Demonstrate a commitment to continuous education and staying current within the application security domain, promoting collaboration and knowledge sharing. Skills Requirements: 3+ years experience with industry standard penetration testing, or ability to demonstrate equivalent knowledge. Experience in performing blackbox/greybox/whitebox security assessments of applications (e.g., web applications, APIs, thick clients, web sockets) which use HTTP and/or proprietary protocols. Excellent skills with application security testing tools including: Burpsuite, sqlmap, nmap, etc. Experience performing manual reviews of application source code for security vulnerabilities written in various languages including: Java, Javascript, .Net (C#), etc. Experience with Cloud architectures, security principles and services. Google Cloud Platform (GCP) is preferred. Experience with automating security testing and/or other relevant activities to streamline service delivery. Preferred scripting languages: Python, bash, Powershell, etc. Experience with UNIX or Linux. A self-starter who is highly motivated. Proactively seek answers, ask for help when needed, and communicate solutions. Excellent Oral and Written communications skills. Ability to effectively communicate and interface with peers and stakeholders at all levels.

Requirements

• Experience in securing modern APIs, including knowledge of authentication/authorization standards like OAuth 2.0 and JWT, and understanding API-specific vulnerabilities.
• Experience in conducting formal threat modeling using frameworks like STRIDE to identify potential security flaws in the design phase.
• Experience with AI/ML security testing methodologies, including understanding of OWASP Top 10 for Large Language Models (LLMs) and common AI security vulnerabilities, and using AI to improve pentesting.
• Experience with prior development work.
• Experience with application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
• Experience with Capture The Flag (CTF) competitions and bug bounty programs.
• Relevant industry certifications such as OSCP, eWPTX, CCSP, GCP Professional Cloud Security Engineer, etc.
• CME Group: Where Futures are Made
• At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone's perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Additional Information

Offensive Security - Application Security Engineer II - India

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at cmegroup? Share your experience