Lead AppSec Engineer - CME Group Chicago, IL, USA Bookmark Share Print 406 0 2

Listing Description

CME Group Application Security Lead provides leadership on security subject matter through design & delivery of integrated solution architectures and development of standards and reference architectures.  By adding your experience and extensive knowledge on multiple technologies and solutions to the team’s collective skills and experience we further enhance our ability to provide secure technical design recommendations that target on delivering business value through successful project and program delivery. 

The Lead position will participate in all functions related to Application Security Architecture, including: application security strategy and roadmap planning, acting as a security liaison to the business, and help facilitate demand management.

This role requires a high level of technical expertise in multiple disciplines within Software Development and Application Security,

including:

• Support and maturation of a Secure Software Development Lifecycle (secure SDLC)
• Contribution to or review of blackbox/greybox/whitebox security assessments
• Providing application design support and guidance to development teams for legacy and new development
• Contribute to writing process/standards/guidelines/reference architectures to contribute to corporate software security maturity
• Coud computing (AWS, GCP, Azure),
• Regulatory frameworks (CIS, NIST, RegSCI, HIPAA, etc.)
• Security stack technologies (IDS/IPS, SIEM, etc.) among other disciplines

Principal Accountabilities:

• This role will actively lead the creation and updating of standards and reference architectures.
• This role will help forecast demand for Application Security Architecture services by meeting with CME business units to better understand their needs.
• Lead application security assessments and assist in planning the remediation of assessment, audit, and regulatory findings
• Participate in development of the security roadmap, and communicate GIS’ vision to business partners and IT staff
• Monitor and enhance secure architecture standards within the Software Development Lifecycle
• Perform application security architectural assessments

Education:

• A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.

Experience:

• 5+ years of experience providing enterprise and/or security architecture support in publicly traded companies or finance/technology industry; or minimum 5 years as a consultant to such companies at a commensurate level.
• 7+ years of security analysis, design and service development OR demonstrated ability to meet job requirements through a comparable number of years of technical work experience
• Advanced knowledge of application security assessments
• 3+ years performing reviews of application architectures for security vulnerabilities and threat modeling
• Experience with application interdependency and application design/design patterns
• Experience with scripting languages
• Experience with Amazon Web Services, Microsoft Azure and other internal and external cloud providers.

Certifications

• Preferred: one or more certifications, including: GSEC, CISSP, CISA, GIAC, GPEN, PMP, MCSE, GCIA, GCIH, CSSLP