Description Senior Cyber Defense Engineer - Web Application and API Protection (WAAP) Position Summary
This is a perfect opportunity for the right person to become a key part of a team of cyber security professionals that are executing a pivotal role in protecting and defending the nation's critical infrastructure. The Senior Cyber Defense Engineer will be a member of the Data, Application & Forensic function on the CyberDefense Engineering Team. This role will be responsible for cyber defense capability of web application and API protection technology and processes. Working closely with teammates within CyberDefense, Technology Application Development and Technology Infrastructure & Operations, this engineer will be responsible for the engineering, deployment, maintenance and enhancement of the WAAP infrastructure and content rules. Position Responsibilities
- Manage WAF technologies to ensure on-premises web applications as well as cloud hosted web applications are protected from OWASP Top 10 vulnerabilities which includes, but is not limited to, installation, implementation, administration, content creation (rules, reports, dashboards, etc.), and operations support
- Manage API protection solutions to ensure online web applications are protected from OWASP Top 10 vulnerabilities for APIs as well as focusing on API abuse prevention
- Performs environment health assessments, capacity planning and performance benchmarks providing operational assurance (operational readiness)
- Respond to cyber defense incident alerts (CDIA), provide appropriate CDIA reporting, investigate WAAP incidents, perform ITIL Incident \ Problem tracking
- Responsible for WAAP product lifecycle including, but not limited to, product patches, product upgrades, product redesigns, product end of life, etc.
- Interface with other Global Information Security (GIS) departments, as well as, other Technology departments and business stakeholders
- A minimum of 4 years' engineering experience with WAF and API Security technologies, that include Installation, Implementation, Administration, Content Creation (rules, reports, dashboards, etc.), and operations support
- Exposure \ knowledge of WAAP technology integration with SIEM technologies
- Expert knowledge of SSL Inspection, Access Control, Policy Management, TCP\IP layer 3-7 and general networking structures
- Understanding of Network Firewall technologies and operation.
- Knowledge of programming languages a plus (i.e. Java, .NET, Python, etc.)
- Knowledge System hardening concepts and techniques
- A good understanding of Industry Security standards such as ISO27002, NIST Cyber Security Framework, etc.
- Previous experience as a Network Administrator \ Network Engineer a plus
- Operating knowledge of ITIL (ITIL Certification a plus)
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.