CME Group is a leading derivatives marketplace focused on global financial markets, and they are seeking a Cyber Defense Response Analyst II. This mid-level technical role involves responding to and remediating cyber incidents, conducting threat hunts, and contributing to the internal knowledge base of incident response procedures.
Drive the full incident response lifecycle from initial triage to remediation, confidently applying specialty skills like endpoint forensics and malware analysis
Conduct regular threat hunts to identify misconfigurations, detection gaps, and other anomalies
Use AI, Python and REST APIs to build/integrate security tools for ad-hoc needs, while working with automation engineers to develop heavy-duty solutions for advanced use-cases
Lead regular tabletop exercises to improve team readiness
Contribute continuously to our internal knowledge base of incident response runbooks and playbooks, keeping it exhaustive, accurate, and reflective of the latest workflows
Qualifications
Required
Be ready to operate in a multi-cloud environment
An exceptional level of curiosity and a track record of self-teaching advanced technical concepts
A strong record of creative problem solving and taking unorthodox approaches to challenges
A passion for collecting facts, debating details, and diving into 'rabbit holes' to solve complex problems
Ability to deal effectively at all levels of the organization and translate technical research into clear, actionable intelligence for leadership
A strong academic record with a demonstrated ability to innovate within information security
Very strong attention to detail; you are the person who notices the one log entry that doesn't belong
Education: BA/BS in Engineering, Computer Science, or Information Security (non-tech degrees acceptable with appropriate levels of Information Security job experience and/or certifications)
Preferred
2-4 years of practical experience with Digital Forensics, Incident Handling, and/or Malware Analysis
Demonstrated hands-on experience with leading forensics tools like KAPE, EnCase, Cellebrite, FTK, Magnet Axiom, and Autopsy
Comfort with malware analysis tools like Ghidra, IDA Pro, PEStudio, and x64dbg
2-4 years of experience with QRadar, Sentinel, Splunk, Chronicle, ArcSight, or similar log management technologies
Strong understanding of computer networking, operating systems, and their intersection with Cybersecurity
Development experience with Python, specifically for data manipulation (Pandas) and interacting with security tool APIs
Practical experience with AWS, GCP, or Azure
Certifications: GCIH, GCFE, GCFA, OSCP, Sec+, and similar cyber-oriented certifications are desired