CME Group, a major player in global financial markets, is seeking a Cyber Defense Response Analyst II to focus on responding to and remediating cyber incidents. The role involves leading incident response efforts, conducting threat hunting, and developing security tools while collaborating with a global team.
Drive the full incident response lifecycle from initial triage to remediation, confidently applying specialty skills like endpoint forensics and malware analysis
Conduct regular threat hunts to identify misconfigurations, detection gaps, and other anomalies
Use AI, Python and REST APIs to build/integrate security tools for ad-hoc needs, while working with automation engineers to develop heavy-duty solutions for advanced use-cases
Lead regular tabletop exercises to improve team readiness
Contribute continuously to our internal knowledge base of incident response runbooks and playbooks, keeping it exhaustive, accurate, and reflective of the latest workflows
Qualification
Required
Digital Forensics and Incident Response: Drive the full incident response lifecycle from initial triage to remediation, confidently applying specialty skills like endpoint forensics and malware analysis. Be ready to operate in a multi-cloud environment
Threat Hunting: Conduct regular threat hunts to identify misconfigurations, detection gaps, and other anomalies
Automation & Engineering: Use AI, Python and REST APIs to build/integrate security tools for ad-hoc needs, while working with automation engineers to develop heavy-duty solutions for advanced use-cases
Tabletop Exercises (TTX): Lead regular tabletop exercises to improve team readiness
Technical Documentation: Contribute continuously to our internal knowledge base of incident response runbooks and playbooks, keeping it exhaustive, accurate, and reflective of the latest workflows
Innate Curiosity: An exceptional level of curiosity and a track record of self-teaching advanced technical concepts
Highly Innovative: You have a strong record of creative problem solving and taking unorthodox approaches to challenges
A 'Researcher' Mindset: A passion for collecting facts, debating details, and diving into 'rabbit holes' to solve complex problems
Adept at High-Pressure Communication: Ability to deal effectively at all levels of the organization and translate technical research into clear, actionable intelligence for leadership
Record of Academic Excellence: A strong academic record with a demonstrated ability to innovate within information security
Highly Detail Oriented: Very strong attention to detail; you are the person who notices the one log entry that doesn't belong
Education: BA/BS in Engineering, Computer Science, or Information Security (non-tech degrees acceptable with appropriate levels of Information Security job experience and/or certifications)
Preferred
DFIR Background: 2-4 years of practical experience with Digital Forensics, Incident Handling, and/or Malware Analysis
Demonstrated hands-on experience with leading forensics tools like KAPE, EnCase, Cellebrite, FTK, Magnet Axiom, and Autopsy, and comfort with malware analysis tools like Ghidra, Ida Pro, PEStudio, and x64dbg
SIEM/Data Analysis: 2–4 years of experience with Q Radar, Sentinel, Splunk, Chronicle, ArcSight, or similar log management technologies
Strong IT Fundamentals: Strong understanding of computer networking, operating systems, and their intersection with Cybersecurity
Programming Skills: Development experience with Python, specifically for data manipulation (Pandas) and interacting with security tool APIs
Cloud Experience: Practical experience with AWS, GCP, or Azure
Certifications: GCIH, GCFE, GCFA, OSCP, Sec+, and similar cyber-oriented certifications are desired
Benefits
Annual target bonus opportunity
Broad-based equity program
Comprehensive health coverage
Retirement package that includes both a 401(k) and an active pension plan
