Lead DevSecOps Engineer

CME Group - Chicago, IL

posted 12 days ago

Full-time - Mid Level
Remote - Chicago, IL
Securities, Commodity Contracts, and Other Financial Investments and Related Activities

About the position

The Lead DevSecOps Engineer at CME Group is responsible for developing, engineering, and providing operational support for security functions that enhance the security of applications running in the Google Cloud Platform (GCP). This hybrid role involves collaborating with internal teams to integrate security capabilities into CI/CD pipelines, ensuring secure design and deployment practices, and supporting observability and monitoring functions using SRE principles. The position requires a strong understanding of cloud-native designs and the ability to mentor team members while contributing to the overall success of the DevSecOps capabilities.

Responsibilities

  • Support research and design of new security capabilities for integration with CME's secure CI/CD pipelines.
  • Support the deployment design of new security capabilities integrated with traditional and GITOps style deployment pipelines.
  • Package and deploy infrastructure as code (IaC) for all security capabilities using languages like HCL, Kubernetes KRM yaml, and AWS CloudFormation.
  • Program in scripting languages for pipeline integration support needs, including Python, Go, and Groovy.
  • Contribute to operational support activities for security capabilities, including preparing documentation and responding to internal support queries.
  • Support operational activities of security tooling workloads running in Kubernetes Engine.
  • Design and develop observability metrics and monitoring capabilities for security functions using DevOps or SRE principles.
  • Create and publish metrics on security functions usage and remediation status for developers and project teams.
  • Collaborate regularly with peers across multiple divisions within CME Group.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Systems, or related field, or equivalent work experience.
  • 6+ years of application development and/or infrastructure engineering experience.
  • 4+ years of hands-on experience with application deployments in the Cloud (AWS, GCP, Azure).
  • Experience with DevSecOps tools and frameworks for managing infrastructure as code, such as GCP Anthos Configuration Management, Terraform, Chef, Puppet, Ansible.
  • Experience with DevSecOps tools like Jenkins, Maven, Git, and Ansible.
  • Experience working with containers and container systems such as Docker and Kubernetes.
  • Ability to write code and scripts to automate provisioning of cloud services using tools and languages including cloud provider command line tools, Kubectl, Jenkins, Python, Bash, and Git.
  • Experience with programming languages such as Java, Python, JavaScript (Node.JS), Groovy, and IaC languages.
  • Experience with logging/monitoring using cloud-native tools like AWS CloudWatch, GCP Cloud Logging, and Splunk.
  • Familiarity with ticketing systems such as Jira.

Nice-to-haves

  • Basic technical understanding of security and regulatory frameworks (e.g., CIS, NIST 800, PCI, HIPAA).
  • Exposure to security technologies (IDS/IPS, WAF).
  • Familiarity with the Atlassian (Jira) SDK and the Atlassian development and integration process.

Benefits

  • Hybrid work environment with 2 days on-site.
  • Opportunities for professional development and career growth.
  • Collaborative work culture with leading experts.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service