Lead Security Engineer - DevSecOps Engineer

Job Description

DescriptionWhere Futures Are Made - CME Group is the worlds leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your successand you own it - all while working alongside a team of leading experts who inspire you in ways big and small. With 2,500 employees located around the world, were small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic and the work is unlike any other firm in the business. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more. The CME Group Lead Security Engineer - DevSecOps participates in the development, engineering and operational support for security functions that support CMEs applications running in the Google Cloud Platform (GCP). This includes supportof security functions supporting secure design and development activities such as CI pipeline integrated tooling (code vulnerability scanning, 3rd party library vulnerability scanning, etc.) Support for security functions implementing deployment time controls,such as CD pipeline integrated infrastructure as code (IaC) validation. The role requires contributing to the design, development, testing, deployment and operational support of all supported DevSecOps capabilities. Operational support includes support to internal customers, namely developers and project teams, as well as developmentof observability and monitoring capabilities for all supported functions using SRE style principles. A successful candidate will be someone who can both mentor and learn from their team members, in an effort to better the entire team and the teams contributions. A strong understanding of Cloud Native designs, software defined deployments and infrastructure (e.g., CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principals, etc.) will be necessary for the ultimate success of the candidatein this role. While not a requirement, a basic technical understanding of security and regulatory frameworks (e.g., CIS, NIST 800, PCI, HIPAA, etc.) and/or exposure to certain security technologies (IDS/IPS, WAF, etc.) would be very desirable. Principal Responsibilities

• Support research and design of new security capabilities to be integrated with CMEs secure CI/CD pipelines.
• Support the deployment design of any new security capabilities. Deployments to be integrated with both traditional and/or GITOps style deployment pipelines configured in platforms like Hashicorp Terraform, GCP Anthos Configuration Management (ACM), AWSCodeDeploy, etc.
• Support the deployment packaging and deployment infrastructure as code (IaC) of all security capabilities. Languages include Hashicorp Configuration Language (HCL) , Kubernetes KRM yaml, AWS CloudFormation, etc.
• Programming in some scripting language for pipeline integration support needs. Languages used include python, Go, Groovy and others.
• Contribute to operational support activities for all security capabilities This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups
• Contribute to operational support activities of security tooling workloads running in Kubernetes Engine. Experience with AWS EKS, GCP GKE, Mirantis MKE, etc.
• Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles.
• Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.

This role will collaborate regularly with various peers in group settings across multiple divisions within CME Group EducationA Bachelors or Masters degree in Computer Science, Information Systems or other related field; or equivalent work experience. Experience

• Approximately 6+ years of application development and/or infrastructure engineering experience
• Active hands on experience with application deployments in the Cloud (AWS, GCP, Azure)
• Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) GCP Anthos Configuration Management, Terraform, Chef, Puppet, Ansible, etc.
• Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible
• Experience working with containers and container systems such as Docker and Kubernetes
• Write code and scripts to automate provisioning of cloud services and to configure services, using tools and languages including typical cloud provider command line tools, Kubectl, Jenkins, Python, Bash, and Git
• Experience with some programming languages: Java, Python, JavaScript (Node.JS), Groovy, IaC languages, etc
• Experience with logging/monitoring understanding using cloud native tools like AWS CloudWatch, GCP Cloud Logging, Splunk, etc.
• Experience with ticketing systems such as Jira
• Any familiarity with the Atlassian (Jira) SDK and the Atlassian development and integration process is desirable
• Ability to work across teams and geographic locations
• Excellent oral and written communication skills

Certifications

• While a certification is not absolutely required, one or more of the following would be desirable: CISSP, CSSLP, GSSP-*, CASE, CERT Secure Coding, PECB Lead Secure Application Developer, GCP Associate Cloud Engineer, GCP Cloud Developer, GCP Cloud SecurityEngineer, GCP Cloud DevOps Engineer, GCP Cloud Architect, similar cloud certifications from other cloud providers, CNCF Certified Kubernetes Administrator, etc.

CME Group: Where Futures Are Made CME Group (www.cmegroup.com) is the worlds leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, allwhile working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more. At CME Group, we embrace our employees diverse experiences, cultures and skills, and work to ensure that everyones perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplaceand consider all potential employees without regard to any protected characteristic. The Candidate Privacy Policy can be foun