Lead Security Software Engineer

About The Position

Requirements

• A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.
• 6+ years of application development and/or infrastructure engineering experience.
• 2+ years of active hands-on experience with application deployments in the Cloud (AWS, GCP, Azure).
• Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) CloudFormation, Terraform, Chef, Puppet, Ansible, etc.
• Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible.
• Experience working with containers and container systems such as Docker and Kubernetes.
• Experience writing code and scripts to automate provisioning of AWS services and to configure services, using tools and languages including AWS CLI / API, Jenkins, Python, Bash, and Git.
• Experience with Java, Python, JavaScript (Node.js) and possibly .NET (C#, C++).
• Experience with logging/monitoring understanding using tools such as CloudWatch and Splunk, etc.
• Experience with ticketing systems such as Jira.
• Familiarity with current and emerging technologies and patterns in software development and architectures, especially within the Cloud Native space.
• Ability to work across teams and geographic locations.
• Excellent oral and written communication skills.
• Relevant experience designing, implementing, and supporting larger-scale software products.

Nice To Haves

• A basic technical understanding of security frameworks (CIS, NIST 800, PCI, HIPAA) and exposure to security technologies (IDS/IPS, WAF) is highly desirable.
• Any familiarity with the Atlassian (Jira) SDK and the Atlassian development process is desirable.
• Experience with UX/UI design, wireframing, and any of the major client-side visualization libraries (e.g., D3.js, etc.) is desirable.
• CISSP, CSSLP, GSSP-, CASE, CERT Secure Coding, PECB Lead Secure Application Developer certifications.

Responsibilities

• Actively drive and contribute to designs of secure software reference designs, delivery systems, and enterprise-wide solutions that demonstrate secure coding principles and practices.
• Take responsibility for primary contributions to the implementation of various software products within the GIS team, inclusive of all aspects of the Secure SDLC process through to maturity.
• Conduct unit, integration, and system testing of any code produced and projects contributed to, utilizing prior background and experience.
• Demonstrate high skill in programming language proficiency, with mastery in at least one primary language area.
• Write unit tests for test-driven implementations with minimal guidance.
• Exhibit skilled knowledge of database and data architectures, and how to securely access and incorporate them throughout the execution lifecycle of an application.
• Identify potential opportunities for code optimization.
• Provide input for code reviews and help with environment build deployment (local mockups and CI/CD), release notes, and build notices.
• Create any necessary development documentation as necessary, such as: use cases, user requirements, design specifications, technical specifications, process flows, data flow diagrams, sequence diagrams, communications diagrams, etc.
• Review code to proactively identify and mitigate potential issues and defects and help to identify sources of defects as well as troubleshoot various forms of code.
• Collaborate regularly with various peers in group settings across multiple divisions within CME Group to help produce applied examples of reference architectures and help establish the next generation of secure SDLC at CME Group through implementation projects.

Benefits

• Enterprise-wide impact by shaping security standards and architectures across multiple engineering divisions.
• A supportive environment fostering career progression, continuous learning, and an inclusive culture.
• Broad exposure to CME's diverse products, asset classes, and cross-functional teams.
• A competitive salary and comprehensive benefits package.
• Comprehensive health coverage
• A retirement package that includes both a 401(k) and an active pension plan
• Highly competitive education reimbursement provisions
• Paid time off
• A mental health benefit