Overview
On Site
USD 125,300.00 - 208,800.00 per year
Full Time
Skills
Vulnerability Scanning
Development Testing
Mentorship
NIST SP 800 Series
Payment Card Industry
HIPAA
IDS
IPS
WAF
Research
Continuous Integration
Continuous Delivery
YAML
Scripting Language
Documentation
DevOps
Computer Science
Information Systems
Application Development
Microsoft Azure
Management
Configuration Management
Terraform
Progress Chef
Puppet
DevSecOps
Apache Maven
Ansible
Docker
Kubernetes
Scripting
Provisioning
Command-line Interface
Jenkins
Bash
Git
Programming Languages
Java
Python
JavaScript
Node.js
Groovy
Amazon Web Services
Google Cloud Platform
Google Cloud
Cloud Computing
Splunk
JIRA
SDK
Atlassian
Collaboration
Communication
CISSP
Job Details
This role is Hybrid/ 2 days on site.
We don's support fully remote options of work and outside of state.
The CME Group Lead Security Engineer - DevSecOps participates in the development, engineering and operational support for security functions that support CME's applications running in the Google Cloud Platform (Google Cloud Platform).
This includes support of security functions supporting secure design and development activities such as CI pipeline integrated tooling (code vulnerability scanning, 3rd party library vulnerability scanning, etc.) and support for security functions implementing deployment time controls, such as CD pipeline integrated infrastructure as code (IaC) validation.
The role requires contributing to the design, development, testing, deployment and operational support of all supported DevSecOps capabilities.
Operational support includes support to internal customers, namely developers and project teams, as well as development of observability and monitoring capabilities for all supported functions using SRE style principles.
A successful candidate will be someone who can both mentor and learn from their team members, in an effort to better the entire team and the team's contributions.
A strong understanding of Cloud Native designs, software defined deployments and infrastructure (e.g., CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principals, etc.) will be necessary for the ultimate success of the candidate in this role.
While not a requirement, a basic technical understanding of security and regulatory frameworks (e.g., CIS, NIST 800, PCI, HIPAA, etc.) and/or exposure to certain security technologies (IDS/IPS, WAF, etc.) would be very desirable.
Principal Responsibilities
Education
Experience
Certifications
#LI-Hybrid
#LI-DS
#dice
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $125,300-$208,800. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group : Where Futures are Made
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it - all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
We don's support fully remote options of work and outside of state.
The CME Group Lead Security Engineer - DevSecOps participates in the development, engineering and operational support for security functions that support CME's applications running in the Google Cloud Platform (Google Cloud Platform).
This includes support of security functions supporting secure design and development activities such as CI pipeline integrated tooling (code vulnerability scanning, 3rd party library vulnerability scanning, etc.) and support for security functions implementing deployment time controls, such as CD pipeline integrated infrastructure as code (IaC) validation.
The role requires contributing to the design, development, testing, deployment and operational support of all supported DevSecOps capabilities.
Operational support includes support to internal customers, namely developers and project teams, as well as development of observability and monitoring capabilities for all supported functions using SRE style principles.
A successful candidate will be someone who can both mentor and learn from their team members, in an effort to better the entire team and the team's contributions.
A strong understanding of Cloud Native designs, software defined deployments and infrastructure (e.g., CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principals, etc.) will be necessary for the ultimate success of the candidate in this role.
While not a requirement, a basic technical understanding of security and regulatory frameworks (e.g., CIS, NIST 800, PCI, HIPAA, etc.) and/or exposure to certain security technologies (IDS/IPS, WAF, etc.) would be very desirable.
Principal Responsibilities
- Support research and design of new security capabilities to be integrated with CME's secure CI/CD pipelines.
- Support the deployment design of any new security capabilities. Deployments to be integrated with both traditional and/or GITOps style deployment pipelines configured in platforms like Hashicorp Terraform, Google Cloud Platform Anthos Configuration Management (ACM), AWS CodeDeploy, etc.
- Support the deployment packaging and deployment infrastructure as code (IaC) of all security capabilities. Languages include Hashicorp Configuration Language (HCL) , Kubernetes KRM yaml, AWS CloudFormation, etc.
- Programming in some scripting language for pipeline integration support needs. Languages used include python, Go, Groovy and others.
- Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups.
- Contribute to operational support activities of security tooling workloads running in Kubernetes Engine. Experience with AWS EKS, Google Cloud Platform GKE, Mirantis MKE, etc.
- Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles.
- Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.
- This role will collaborate regularly with various peers in group settings across multiple divisions within CME Group.
Education
- A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.
Experience
- 6+ years of application development and/or infrastructure engineering experience
- 4+ years of active hands on experience with application deployments in the Cloud (AWS, Google Cloud Platform, Azure)
- Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) Google Cloud Platform Anthos Configuration Management, Terraform, Chef, Puppet, Ansible, etc.
- Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible
- Experience working with containers and container systems such as Docker and Kubernetes
- Write code and scripts to automate provisioning of cloud services and to configure services, using tools and languages including typical cloud provider command line tools, Kubectl, Jenkins, Python, Bash, and Git
- Experience with some programming languages: Java, Python, JavaScript (Node.JS), Groovy, IaC languages, etc
- Experience with logging/monitoring understanding using cloud native tools like AWS CloudWatch, Google Cloud Platform Cloud Logging, Splunk, etc.
- Experience with ticketing systems such as Jira
- Any familiarity with the Atlassian (Jira) SDK and the Atlassian development and integration process is desirable
- Ability to work across teams and geographic locations
- Excellent oral and written communication skills
Certifications
- While a certification is not absolutely required, one or more of the following would be desirable: CISSP, CSSLP, GSSP-*, CASE, CERT Secure Coding, PECB Lead Secure Application Developer, Google Cloud Platform Associate Cloud Engineer, Google Cloud Platform Cloud Developer, Google Cloud Platform Cloud Security Engineer, Google Cloud Platform Cloud DevOps Engineer, Google Cloud Platform Cloud Architect, similar cloud certifications from other cloud providers, CNCF Certified Kubernetes Administrator, etc.
#LI-Hybrid
#LI-DS
#dice
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $125,300-$208,800. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group : Where Futures are Made
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it - all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.