C

Lead DevSecOps Engineer

CME Chicago Mercantile Exchange
Full-time
On-site
Chicago, United States

This role is Hybrid/ 2 days on site.

We don's support fully remote options of work and outside of state.


The CME Group Lead Security Engineer - DevSecOps participates in the development, engineering and operational support for security functions that support CME’s applications running in the Google Cloud Platform (GCP).  
This includes support of security functions supporting secure design and development activities such as CI pipeline integrated tooling (code vulnerability scanning, 3rd party library vulnerability scanning, etc.) and support for security functions implementing deployment time controls, such as CD pipeline integrated infrastructure as code (IaC) validation.
The role requires contributing to the design, development, testing, deployment and operational support of all supported DevSecOps capabilities.
Operational support includes support to internal customers, namely developers and project teams, as well as development of observability and monitoring capabilities for all supported functions using SRE style principles.
A successful candidate will be someone who can both mentor and learn from their team members, in an effort to better the entire team and the team’s contributions.
A strong understanding of Cloud Native designs, software defined deployments and infrastructure (e.g., CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principals, etc.) will be necessary for the ultimate success of the candidate in this role.
While not a requirement, a basic technical understanding of security and regulatory frameworks (e.g., CIS, NIST 800, PCI, HIPAA, etc.) and/or exposure to certain security technologies (IDS/IPS, WAF, etc.) would be very desirable.  

Principal Responsibilities

  • Support research and design of new security capabilities to be integrated with CME’s secure CI/CD pipelines. 

  • Support the deployment design of any new security capabilities. Deployments to be integrated with both traditional and/or GITOps style deployment pipelines configured in platforms like  Hashicorp Terraform, GCP Anthos Configuration Management (ACM), AWS CodeDeploy, etc.

  • Support the deployment packaging and deployment infrastructure as code (IaC) of all security capabilities. Languages include Hashicorp Configuration Language (HCL) , Kubernetes KRM yaml, AWS CloudFormation, etc.

  • Programming in some scripting language for pipeline integration support needs. Languages used include python, Go, Groovy and others.

  • Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups.

  • Contribute to operational support activities of security tooling workloads running in Kubernetes Engine. Experience with AWS EKS, GCP GKE, Mirantis MKE, etc.

  • Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles.

  • Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.

  • This role will collaborate regularly with various peers in group settings across multiple divisions within CME Group.

 
Education

  • A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.


Experience

  • 6+ years of application development and/or infrastructure engineering experience

  • 4+ years of active hands on experience with application deployments in the Cloud (AWS, GCP, Azure)

  • Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) GCP Anthos Configuration Management, Terraform, Chef, Puppet, Ansible, etc.

  • Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible

  • Experience working with containers and container systems such as Docker and Kubernetes

  • Write code and scripts to automate provisioning of cloud services and to configure services, using tools and languages including typical cloud provider command line tools, Kubectl, Jenkins, Python, Bash, and Git

  • Experience with some programming languages: Java, Python, JavaScript (Node.JS), Groovy, IaC languages, etc

  • Experience with logging/monitoring understanding using cloud native tools like AWS CloudWatch, GCP Cloud Logging, Splunk, etc.

  • Experience with ticketing systems such as Jira

  • Any familiarity with the Atlassian (Jira) SDK and the Atlassian development and integration process is desirable

  • Ability to work across teams and geographic locations

  • Excellent oral and written communication skills

Certifications

  • While a certification is not absolutely required, one or more of the following would be desirable: CISSP, CSSLP, GSSP-*, CASE, CERT Secure Coding, PECB Lead Secure Application Developer, GCP Associate Cloud Engineer, GCP Cloud Developer, GCP Cloud Security Engineer, GCP Cloud DevOps Engineer, GCP Cloud Architect, similar cloud certifications from other cloud providers, CNCF Certified Kubernetes Administrator, etc.

#LI-Hybrid
#LI-DS
#dice
 

CME Group : Where Futures are Made

CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.