Sr Security Engineer - Vulnerability Governance

Sr Security Engineer – Vulnerability Governance provides oversight of the CME’s vulnerability management program to ensure all related processes are being executed according to established procedures. This is an opportunity for the right person to become a key part of a team of global information security professionals that are executing a pivotal role in protecting and defending the CME’s critical infrastructure. This candidate will be a key participant in the design, assessment and execution of vulnerability governance measurements, metrics, and analysis. Ability to work independently as well as communication, documentation, and strong problem-solving skills are required to collaborate with more senior engineers and select information technology areas, with some supervision.

Sr Security Engineer – Vulnerability Governance

• Provides oversight and ensures the effective operation of the vulnerability management program. Ensures compliance with policies and procedures.
• Tests vulnerability management engineering solutions to ensure compliance with the program’s business requirements.
• Assists with the design and execution of vulnerability management program oversight measures, dashboards, and metrics across a wide variety of assets and applications.
• Assesses results of measures and metrics to identify risk across critical areas of the vulnerability management program and to verify that the program operates as designed.
• Develops and implements governance frameworks and policies for vulnerability management.
• Identifies risk areas to include in the oversight program, as well as identifies the most effective methods of presenting audit results.
• Collaborates with cross-functional teams to gather data and contribute to program alignment.
• Researches new developments in vulnerability governance oversight.
  
  

Principal Accountabilities

• Follows established procedures and guidelines to provide the oversight of the CME’s vulnerability management program, with some supervision.
• Accurately defines problem statements of above average complexity. Gathers and compares data about problems, documents the details, and prepares analysis reports.
• Demonstrates understanding of most of the following: cybersecurity concepts, security frameworks, risk management principles, vulnerability management and governance principles.
• Collaborates with team members and other teams within the technology division to determine an optimal solution for stakeholders based on established standard operating procedures.
• Supports more senior engineers in gathering data to assist in setting policies.
• Stays up to date on security trends, vulnerability alerts and advisories.
• Accurately works with numbers, metrics, and spreadsheets. Produces professional-level charts and presentations.
• Comprehends and monitors complex business systems and integrated processes.
• Capable to communicate effectively with all levels of employees.
  
  

Qualifications

• 5 years of vulnerability governance, vulnerability management, risk management, or IT compliance experience.
• Bachelor’s degree in Information Technology, Business Information Systems, or related field; or equivalent work experience.
  
  

Skills & Software Requirements

• Google productivity tools
• Strong analytical and problem-solving skills
• Excellent verbal and written communication skills
• Familiarity with issue tracking systems (JIRA, Remedy, etc.)
• Familiarity with collaboration tools (Confluence, etc.)
  
  

Nice To Have

• Experience with Qualys or other vulnerability scanning tools.
• Familiarity with security frameworks (NIST, ISO 27001, COBIT, etc.)
• Scripting (bash, PowerShell)
• Experience with vulnerability management lifecycle.
• Experience with container scanning technologies
• Experience with vulnerability management in GCP
• QA testing
  
  

CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $111,100-$185,100. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.

CME Group : Where Futures are Made

CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone’s perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic.

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.