Better Futures Start Now. Grow your FinTech career at NinjaTrader or start your futures trading journey with us.
Staff Security Engineer, Application Security
Location
Illinois
Posted
2 days ago
Salary
$210K - $260K / year
Seniority
Senior
Job Description
Staff Security Engineer, Application Security
NinjaTrader
Disclaimer: Please be advised that the most accurate and up-to-date information about our open roles—including job descriptions, compensation, and benefits—can only be guaranteed on our official job board. For the latest listings and details, please visit: https://job-boards.greenhouse.io/ninjatrader. JOIN US ON OUR MISSION TO BECOME THE #1 RETAIL TRADING PLATFORM IN THE WORLD Welcome to the dynamic world of NinjaTrader! As an industry-leading trading platform and futures broker, we're empowering traders to take control of their financial destiny. How do we do it? We provide cutting-edge products and services that enhance the trading journey. Whether a seasoned pro or just starting out, NinjaTrader equips traders with award-winning software and brokerage services to navigate the world's leading financial markets with confidence. Our growth story is nothing short of exhilarating. Since 2003, NinjaTrader has been dedicated to understanding and supporting traders on their journey toward trading triumph. Through those efforts, our user base has grown to over 2 million users and we have become the number one rated futures brokerage worldwide. But we're not stopping there. We're constantly evolving, pushing boundaries, and modernizing the futures industry. Our commitment to innovation means users will always have access to dynamic tools, real-time support, and a community of like-minded traders. So, why work at NinjaTrader? Here, you're not just part of a team; you're part of a movement. We empower employees to reach new heights in their careers by providing a dynamic culture focused on social connection, professional development, and employee recognition initiatives. Sounds too good to be true? Take it from our employees. Join us as we redefine what's possible in trading, advocate for our customers, and continue our journey toward becoming the world's top retail-focused trading platform in the world. What you'll do: We're looking for a Staff Security Engineer, Application Security to help scale and mature our security program. You'll own key security domains and initiatives end-to-end, working closely with engineering to ensure systems are secure by design. This role is highly hands-on, with opportunities to drive meaningful impact through automation, secure design, and developer enablement. You'll operate with significant autonomy while partnering with senior engineers and security leadership to scale security across the organization. In this role you will: - Own key security domains such as vulnerability management, application security, API security, and supply chain security - Drive improvements in security coverage, prioritization, and remediation workflows - Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows - Provide actionable, pragmatic guidance that helps teams ship securely - Develop and improve security tooling and automation to reduce manual effort - Implement and tune tools for SAST, SCA, DAST, dependency security, and container security - Leverage AI/LLMs where appropriate to improve triage, detection, and review processes - Triage and prioritize vulnerabilities using risk-based approaches - Partner with teams to ensure timely remediation of critical issues - Help define and improve SLAs, metrics, and reporting - Conduct threat modeling, design reviews, and security assessments - Contribute to incident response and postmortems for security events - Identify and help remediate systemic risks What you'll need: - 7+ years of experience in Application Security, Product Security, or Security Engineering - Strong hands-on experience with threat modeling and secure design - Experience with vulnerability management and application security tooling - Experience working in cloud-native environments such as AWS and GCP - Experience integrating security into CI/CD pipelines and developer workflows - Ability to write code in Python, Go, or similar languages for automation and tooling - Strong ability to work cross-functionally with engineering teams Bonus points for: - Experience scaling security in a high-growth or late-stage startup - Familiarity with AI-driven security workflows or automation - Background in API security, data protection, or multi-tenant systems - Experience with bug bounty programs and penetration testing - Security certifications such as CISSP Compensation: The salary range for this role will be $210,000.00 - $260,000.00 USD. In addition, this position will also receive an annual target bonus of 12%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%). Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 23 days per year (some positions may qualify for more) plus seven paid holidays. Location: This role is based in Chicago, IL. *There may be remote flexibility for exceptional candidates in the following states: California, Colorado, Florida, Georgia, Illinois, Indiana, Minnesota, Missouri, Montana, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Washington DC, Wisconsin. Hybrid: For Chicago-based employees, we follow a hybrid work schedule: In-office Tuesday through Thursday, with remote work on Mondays and Fridays. In addition to these weekly remote days, we offer: - 20 additional flex remote days annually - 5 Company Wide Office-Optional weeks tied to major holidays Our Core Benefits Include: - Generous PTO - 7 Paid Holidays Annually + 5 Conditional Holidays Annually - 1 Service Day Annually - 401k with 3.5% Company Match - Paid Parental Bonding Leave - Health, Vision, Dental Coverage - Life and Disability Insurance Covered 100% by NinjaTrader We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Global Head of Technology and Cybersecurity Internal Audit
CSCCSC is a global leader in providing business, legal, tax, and digital brand services to companies around the world. With more than 8,000 employees, CSC operates in more than 140 jurisdictions, delivering solutions that help businesses thrive. We pride ourselves on our client-focused approach, market-leading expertise, and unmatched global reach.
Global Head of Technology & Cybersecurity Internal Audit Remote- Mid-Atlantic Region Monday to Friday 8:00 am to 5:00 pm The Global Head of Technology & Cybersecurity Internal Audit is a leadership role within the Internal Audit function, responsible for providing independent assurance and strategic insight over technology, cybersecurity, and emerging risk domains across a global, highly regulated organization. This role reports to the Global Head of Internal Audit and partners closely with Enterprise Technology, Risk Management, Compliance, and senior business leaders to evaluate the design and effectiveness of governance, risk management, and control frameworks. The role has global coverage and requires deep experience operating in complex international environments, with a particular focus on cybersecurity, cloud, data, and the responsible use of artificial intelligence. What you will be doing: Audit Leadership & Assurance - Design and maintain a risk‑based technology and cyber internal audit plan aligned to enterprise risks, regulatory expectations, and the evolving threat landscape. - Lead and oversee end‑to‑end technology, cybersecurity, IT, and data‑related internal audits across global operations, including audit planning, risk assessment, execution, reporting, and issue validation. - Oversee the execution of IT and cybersecurity audits performed by third-party providers, ensuring work quality, adherence to Internal Audit standards, alignment with CSC’s risk framework, and appropriate coverage of key risks and controls. - Provide independent assurance over information security, cyber resilience, cloud environments, identity and access management, data protection, third‑party risk, and technology resilience. - Evaluate controls supporting compliance with relevant regulations, standards, and frameworks (e.g., GDPR, ISO 27001, DORA, NIST, and other regional supervisory expectations). Cybersecurity, Technology & AI Focus - Assess the maturity and effectiveness of cybersecurity governance, incident response, threat management, and vulnerability management programs from an internal audit perspective. - Lead audits and risk assessments covering cloud infrastructure, SaaS platforms, system development life cycles, and emerging technologies. - Evaluate the design and use of AI and advanced analytics within the organization, including governance, model risk, data quality, ethical use, and cybersecurity implications from an internal audit perspective. - Serve as a trusted advisor on emerging technology risks, including AI adoption, automation, and digital transformation initiatives. Stakeholder Engagement & Advisory - Build strong relationships with senior technology, security, risk, and compliance leadership across regions. - Present audit results, themes, and emerging risks to executive management and the audit committee in a clear and impactful manner. - Provide pragmatic, risk‑based recommendations that improve control effectiveness while enabling business objectives. Team & Function Leadership - Lead, mentor, and develop audit professionals (internally and third-party firms) across multiple geographies. - Contribute to the internal audit roadmap, methodology enhancements, and continuous improvement initiatives. - Support quality assurance and improvement activities in alignment with IIA standards and regulatory expectations. What technical skills, experience and qualifications do you need? - 8+ years of progressive experience in internal audit, technology risk, IT audit, or cybersecurity - Proven experience working within large, international organizations operating in highly regulated environments (e.g., financial services, fintech, global services, or complex multinationals). - Deep expertise in technology and cybersecurity risk management, including cloud, data, infrastructure, and third‑party ecosystems. - Strong understanding of internal control frameworks, regulatory requirements, and supervisory expectations across multiple jurisdictions. Professional Credentials - Bachelor’s degree in Computer Science, Information Security, Engineering or equivalent - Professional certifications such as CIA, CISA, CISSP, CRISC, or equivalent preferred. Key attributes - Executive‑level communication and presentation skills. - Strong judgment with the ability to balance risk, control, and innovation. - Ability to operate effectively across cultures, regions, and time zones. - Willingness to travel to CSC Headquarters in Wilmington, DE on quarterly basis and internationally as required. *This role is not eligible for employment visa sponsorship (e.g., H‑1B, TN, E‑3) now or in the future. At CSC, compensation decisions are dependent on a number of factors including job location and the knowledge and experience of each individual. A reasonable estimate of the current range is $134,376.00 to $170,630.00 #LI-AM1 #LI-Remote #Internalauditopportunities #CSCCareers Responsibilities - Design and maintain a risk-based internal audit plan for technology and cyber domains. - Lead and oversee technology, cybersecurity, and data-related audits across global operations. - Manage third-party IT and cybersecurity audits, ensuring quality and alignment with CSC's risk framework. - Provide independent assurance for information security, cyber resilience, and data protection. - Evaluate compliance with regulations and standards like GDPR, ISO 27001, and NIST. - Assess cybersecurity governance and incident response programs. - Lead audits for cloud infrastructure, SaaS, and emerging technologies. - Evaluate AI and advanced analytics governance and usage. - Serve as an advisor for emerging technology risks and digital initiatives. - Build strong relationships with senior leaders and present audit findings to executive management. Qualifications - 8+ years of experience in internal audit, technology risk, or cybersecurity. - Proven track record in large, international, highly regulated organizations. - Expertise in technology and cybersecurity risk management, including cloud and data ecosystems. - Strong understanding of internal control frameworks and regulatory requirements across jurisdictions. - Bachelor's degree in Computer Science, Information Security, or Engineering. - Professional certifications (CIA, CISA, CISSP, CRISC) are preferred. - Excellent communication and presentation skills for executive-level interactions. - Ability to balance risk, control, and innovation with a strong judgment. - Cultural sensitivity and the ability to work across regions and time zones. - Willingness to travel internationally as needed. About Us CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.® Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other. CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued. CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging, CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC. We encourage candidates to apply directly to our website and not through third-party sources. Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications. About the Team At CSC®, we’re always looking ahead, finding ways to innovate, challenge the status quo, and anticipate the needs of our clients. We exceed expectations by adapting client ambitions and goals as our own. This Fierce Client Spirit has helped us adapt and create solutions that have enabled businesses to run smoother and smarter for more than 125 years. It’s also the reason we’re the trusted partner of many of the world’s most successful organizations. CSC is committed to attracting, developing, and retaining talented people whose values align with ours. We empower our colleagues to bring the right solutions to market to meet client demand. That’s why we are the leading provider of business administration and compliance solutions. - CSC is a great place to work with smart and dedicated people. - We have won several employer recognition awards, including Top Workplace USA, Great Places to Work India, and Built In’s Best Places to Work. - We offer fulfilling work and career opportunities. Most positions are filled with internal moves and employee referrals. - Employees are eligible for Success Sharing, bonuses, or commission plans based on role and individual performance. - CSC offers a competitive and comprehensive benefits package that includes annual leave, tuition reimbursement, referral bonuses, and more. - As business needs allow, CSC offers hybrid or remote work schedules in alignment with local regulations. Specific details for this position will be discussed during the interview process.
• Plan and execute full‑scope red team engagements, including reconnaissance, initial access, lateral movement, privilege escalation, command-and-control, and objective completion • Emulate real-world threat actors using established TTPs (e.g., MITRE ATT&CK) • Conduct phishing and social engineering campaigns within defined legal and ethical constraints • Develop and maintain custom tooling, payloads, and infrastructure to support operations • Collaborate closely with Blue Team, Purple Team, Threat Intelligence, and Incident Response partners • Produce clear, technically accurate engagement reports and executive-ready summaries • Contribute to detection engineering by identifying gaps in controls, telemetry, and response processes • Support continuous improvement of red team methodologies, playbooks, and governance processes • Mentor junior operators and contribute to team knowledge sharing
Public Facing Security Researcher
CertiKThe Premier Blockchain and Smart Contract Cybersecurity Company
• Work closely with the Web3 Task Force Team to create stronger connections to the blockchain ecosystem. • Speak at conferences about your area of expertise on behalf of CertiK. • Complete interviews about various Web3 security topics. • Perform tasks cross-functionally among the various teams at CertiK. • Support the marketing and feedback collection of CertiK’s products and services.
• Create and maintain high-quality legal content for data privacy & cybersecurity • Research and monitor legal, practice, and market developments • Support development of AI-powered tools with legal expertise • Collaborate on tech development and product enhancements • Maintain relationships with external contributors and industry groups • Support sales and marketing initiatives




