Security Engineer II - Vulnerability Mitigation

Job Description

DescriptionSecurity Engineer II - Vulnerability Mitigation provides basic support, with direction, for detection, assessment, communication, and remediation coordination of security vulnerabilities, as well as basic support for file integrity monitoring and OS configurationmanagement compliance. The incumbent must be familiar with Linux/Windows server and application administration and configuration, networking, scripting and automation, distributed computing, cloud technologies, and security. Ability to work independently aswell as communication, documentation, and strong problem-solving skills are required to collaborate with more senior engineers and select information technology areas, with supervision. This is an excellent opportunity for the right candidate to transitionfrom systems administration or engineering to the information security field. The Security Engineer II - Vulnerability Mitigation:

• Focuses on the detection, prioritization, and remediation of vulnerabilities in accordance with established standard operating procedures, with supervision.
• Follows established troubleshooting processes under the supervision and guidance of more experienced team members to support information technology teams in remediating vulnerabilities.
• Assists with managing Qualys vulnerability scanning infrastructure to include configuring and scheduling scans, conducting ad-hoc scans, and creating reports.
• Assists with managing vulnerability scanning and remediation of GKE container images in GCP.
• Provides basic supports for file integrity monitoring and OS configuration management compliance processes and works with technology teams on resolving the findings.
• Uses JIRA ticketing system to manage vulnerability lifecycle and tracks SLA breaches.
• Leverages other enterprise tools such as Splunk, BMC Discovery, BMC CMDB, Snow to assist in assessing vulnerabilities and risk and maintaining an accurate asset inventory for complete scan coverage.
• Uses Archer GRC platform to manage vulnerability remediation risk exception process.
• Participates in the continuous improvement of the enterprise vulnerability management program.

Principal Accountabilities :

• Able to follow established procedures and guidelines to troubleshoot issues with vulnerability scanning, file integrity monitoring, and the associated services, schedules, and reporting processes, with supervision.
• Provides basic support in evaluation and remediation of known vulnerabilities and known issues with unauthorized change detection. Documents known issues, if necessary.
• Defines simple problems. Gathers and compares data about problems and documents the details to assist more senior engineers.
• Demonstrates basic understanding of some of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture (client server, cloud, intranet/internet),hardware/operating system/application interaction, and security.
• Collaborates with more senior team members to determine an optimal solution for stakeholders based on established standard operating procedures.
• Supports more senior engineers in gathering data to assist in setting policies.
• Stays up to date on security trends, vulnerability alerts and advisories.

Qualifications :

• 1-3 years of vulnerability management, systems engineering, or networking experience.
• Bachelors degree in Information Technology or related field, or equivalent work experience.

Skills & Software Requirements :

• Linux/Windows administration and configuration
• Scripting (bash, Powershell)
• Basic networking
• Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7, etc.)
• Familiarity with issue tracking systems (JIRA, Remedy, etc.)
• Familiarity with collaboration tools (Confluence, etc.)

Nice to Have :

• Industry certification (CompTIA Security+, CISSP, CCSP, SSCP, etc.)
• Experience with container scanning technologies
• Experience with vulnerability management in GCP
• Experience with Tripwire
• Experience with Akamai
• Java or Python programming experience
• Experience with Splunk, BMC Discovery, Snow, BMC CMDB

CME Group: Where Futures Are Made CME Group (www.cmegroup.com) is the worlds leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, allwhile working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more. At CME Group, we embrace our employees diverse experiences, cultures and skills, and work to ensure that everyones perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplaceand consider all potential employees without regard to any protected characteristic. The Candidate Privacy Policy can be found here.