
Posted 10 days ago
Principal Application Security Engineer
Cboe Global MarketsPrincipal Application Security Engineer
Perks & benefits
Medical InsurancePaid Leave
Requirements
12+ years application security experience, Software engineering background, Proficiency in backend languages (C++, Go, Java, C#, Python, or Node.js), Kubernetes security expertise, DevSecOps tooling integration experience, Hybrid cloud security experience
Skills
KubernetesDevSecOpsPython
About the role
Responsibilities
- Own secure architecture reviews and threat modeling for new systems, establishing direction for Kubernetes trust boundaries and API authorization models.
- Define and drive adoption of application and API security standards, including authentication patterns and mitigations for common vulnerability classes.
- Set technical direction for Kubernetes workload security, including RBAC, pod security controls, namespace isolation, and network policies.
- Establish container image security strategies, including secure base image standards, vulnerability management, and SBOM practices.
- Drive the design and adoption of DevSecOps guardrails in CI/CD pipelines, integrating SAST, SCA, secret scanning, and IaC scanning.
- Lead the secure adoption of AI-enabled development and security capabilities, establishing patterns for secure code review and automated assessments.
- Own the strategy for risk-based software vulnerability management, including triage, exploitability assessment, and remediation priorities.
Requirements
- 12+ years of experience in application security, product security, or software engineering.
- Proven ability to read, write, and review production-grade code in at least one modern backend language (C++, Go, Java, C#, Python, or Node.js).
- Strong working knowledge of Kubernetes security primitives (RBAC, namespaces, service accounts, pod security) and container build practices.
- Hands-on experience integrating DevSecOps tooling (SAST, SCA, secret scanning, IaC/container scanning) into CI/CD pipelines.
- Experience securing hybrid environments with workloads running in both public cloud (EKS, AKS, GKE) and on-premises Kubernetes platforms.
- Bachelor's degree in Computer Science, Information Security, or a related field preferred.
Preferred Qualifications
- Relevant security certifications such as CSSLP, CKS, OSCP, or AWS/Azure Security Specialty.
Benefits
- Medical, Dental, and Vision coverage.
- 401K or Pension Company Match.
- Employee Stock Purchase Plan (ESPP).
- Paid Time Off and Retirement Savings Plan.
- Life and AD&D Insurance.
About the Company
Cboe Global Markets provides the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing, and investment solutions to market participants around the world.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freePrincipal Application Security Engineer
Cboe Global Markets · Chicago
