Lead Security Software Engineer

The Lead Security Software Engineer at CME Group participates in all functions related to software security design, secure SDLC techniques, and applying strong, secure design patterns with minimal oversight at a task level. This position acts as a constructive, communicative team member and mentor who contributes to software security strategy and roadmap planning, serves as a security liaison to external groups, and develops secure reference designs and products across the Global Information Security (GIS) group and the larger enterprise.

The role requires deep software engineering expertise and prior experience in secure SDLC disciplines (such as strong cryptography, authentication/authorization, secure data handling, auditing, and input validation). Additionally, a strong understanding of modern software architectures—including microservices, Cloud Native designs, and software-defined deployments (CI/CD pipelines, Infrastructure-as-Code, immutable and idempotent declarative principles)—is necessary for success. While not required, a basic technical understanding of security frameworks (CIS, NIST 800, PCI, HIPAA) and exposure to security technologies (IDS/IPS, WAF) is highly desirable.

What You’ll Get:

Enterprise-wide impact by shaping security standards and architectures across multiple engineering divisions.

A supportive environment fostering career progression, continuous learning, and an inclusive culture.

Broad exposure to CME's diverse products, asset classes, and cross-functional teams.

A competitive salary and comprehensive benefits package.

Explore our full range of benefits .

What You'll Do:

Actively drive and contribute to designs of secure software reference designs, delivery systems, and enterprise-wide solutions that demonstrate secure coding principles and practices.

Take responsibility for primary contributions to the implementation of various software products within the GIS team, inclusive of all aspects of the Secure SDLC process through to maturity.

Conduct unit, integration, and system testing of any code produced and projects contributed to, utilizing prior background and experience.

Demonstrate high skill in programming language proficiency, with mastery in at least one primary language area.

Write unit tests for test-driven implementations with minimal guidance.

Exhibit skilled knowledge of database and data architectures, and how to securely access and incorporate them throughout the execution lifecycle of an application.

Ident ify potential opportunities for code optimization.

Provide input for code reviews and help with environment build deployment (local mockups and CI/CD), release notes, and build notices.

Create any necessary development documentation as necessary, such as: use cases, user requirements, design specifications, technical specifications, process flows, data flow diagrams, sequence diagrams, communications diagrams, etc.

R eview code to proactively identify and mitigate potential issues and defects and help to identify sources of defects as well as troubleshoot various forms of code.

Collaborate regularly with various peers in group settings across multiple divisions within CME Group to help produce applied examples of reference architectures and help establish the next generation of secure SDLC at CME Group through implementation projects.

What You'll Bring:

A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.

6+ years of application development and/or infrastructure engineering experience.

2+ years of active hands-on experience with application deployments in the Cloud (AWS, GCP, Azure).

Experience in using DevSecOps tools and frameworks for managing infrastructure as code like (or similar to) CloudFormation, Terraform, Chef, Puppet, Ansible, etc.

Experience with DevSecOps tools such as Jenkins, Maven, Git, and Ansible.

E xperience working with containers and container systems such as Docker and Kubernetes.

Experience writing code and scripts to automate provisioning of AWS services and to configure services, using tools and languages including AWS CLI / API, Jenkins, Python, Bash, and Git.

Experience with Java, Python, JavaScript (Node.js) and possibly .NET (C#, C++).

Experience with logging/monitoring understanding using tools such as CloudWatch and Splunk, etc.

Experience with ticketing systems such as Jira.

Any familiarity with the Atlassian (Jira) SDK and the Atlassian development process is desirable.

Experience with UX/UI design, wireframing, and any of the major client-side visualization libraries (e.g., D3.js, etc.) is desirable.

Familiarity with current and emerging technologies and patterns in software development and architectures, especially within the Cloud Native spac e.

Ability to work across teams and geographic locations.

Excellent oral and written communication skills.

Relevant experience designing, implementing, and supporting larger-scale software products.

Certifications: While a certification is not absolutely required, one or more of the following would be desirable: CISSP, CSSLP, GSSP-*, CASE, CERT Secure Coding, PECB Lead Secure Application Developer.

#LI-DD1

CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The pay range for this role is $119,900-$199,800. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active pension plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic benefits package for our team and their dependents.

CME Group: Where Futures are Made

CME Group is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone’s perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process.