The Lead Security Software Engineer at CME Group participates in all functions related to software security design, secure SDLC techniques, and applying strong, secure design patterns with minimal oversight at a task level. This position acts as a constructive, communicative team member and mentor who contributes to software security strategy and roadmap planning, serves as a security liaison to external groups, and develops secure reference designs and products across the Global Information Security (GIS) group and the larger enterprise.

The role requires deep software engineering expertise and prior experience in secure SDLC disciplines (such as strong cryptography, authentication/authorization, secure data handling, auditing, and input validation). Additionally, a strong understanding of modern software architectures—including microservices, Cloud Native designs, and software-defined deployments (CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principles)—is necessary for success. While not required, a basic technical understanding of security frameworks (CIS, NIST 800, PCI, HIPAA) and exposure to security technologies (IDS/IPS, WAF) is highly desirable.

What You’ll Get:

• Enterprise-wide impact by shaping security standards and architectures across multiple engineering divisions.

• A supportive environment fostering career progression, continuous learning, and an inclusive culture.

• Broad exposure to CME's diverse products, asset classes, and cross-functional teams.

• A competitive salary and comprehensive benefits package.

Explore our full range of benefits.

What You'll Do:

• Actively drive and contribute to designs of secure software reference designs, delivery systems, and enterprise-wide solutions that demonstrate secure coding principles and practices.

• Take responsibility for primary contributions to the implementation of various software products within the GIS team, inclusive of all aspects of the Secure SDLC process through to maturity.

• Conduct unit, integration, and system testing of any code produced and projects contributed to, utilizing prior background and experience.

• Demonstrate high skill in programming language proficiency, with mastery in at least one primary language area.

• Write unit tests for test-driven implementations with minimal guidance.

• Exhibit skilled knowledge of database and data architectures, and how to securely access and incorporate them throughout the execution lifecycle of an application.

• Identify potential opportunities for code optimization.

• Provide input for code reviews and help with environment build deployment (local mockups and CI/CD), release notes, and build notices.

• Create any necessary development documentation as necessary, such as: use cases, user requirements, design specifications, technical specifications, process flows, data flow diagrams, sequence diagrams, communications diagrams, etc.

• Review code to proactively identify and mitigate potential issues and defects and help to identify sources of defects as well as troubleshoot various forms of code.

• Collaborate regularly with various peers in group settings across multiple divisions within CME Group to help produce applied examples of reference architectures and help establish the next generation of secure SDLC at CME Group through implementation projects.

What You'll Bring:

• A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.

• 6+ years of application development and/or infrastructure engineering experience.

• 2+ years of active hands-on experience with application deployments in the Cloud (AWS, GCP, Azure).

• Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) CloudFormation, Terraform, Chef, Puppet, Ansible, etc.

• Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible.

• Experience working with containers and container systems such as Docker and Kubernetes.

• Experience writing code and scripts to automate provisioning of AWS services and to configure services, using tools and languages including AWS CLI / API, Jenkins, Python, Bash, and Git.

• Experience with Java, Python, JavaScript (Node.js) and possibly .NET (C#, C++).

• Experience with logging/monitoring understanding using tools such as CloudWatch and Splunk, etc.

• Experience with ticketing systems such as Jira.

• Any familiarity with the Atlassian (Jira) SDK and the Atlassian development process is desirable.

• Experience with UX/UI design, wireframing, and any of the major client-side visualization libraries (e.g., D3.js, etc.) is desirable.

• Familiarity with current and emerging technologies and patterns in software development and architectures, especially within the Cloud Native space.

• Ability to work across teams and geographic locations.

• Excellent oral and written communication skills.

• Relevant experience designing, implementing, and supporting larger-scale software products.

• Certifications: While a certification is not absolutely required, one or more of the following would be desirable: CISSP, CSSLP, GSSP-*, CASE, CERT Secure Coding, PECB Lead Secure Application Developer. 

#LI-DD1