Cyber Security Specialist (SecDevOps)



Software Engineering
Amsterdam, Netherlands
Posted on Friday, July 14, 2023

Job Description

Building trusted markets —powered by our people.

At Cboe Clear Europe, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.

We’re building inclusive ways to support professional and personal development while strengthening the trust we’ve earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to “go for it” and equip our managers with the training to coach their teams to the next level. Our Associate Resource Groups champion diversity, equity and inclusion, giving associates a safe space to network, share ideas and create opportunities.

Sound like the place for you? Join us!

The Cyber & Information Security team is hiring for Cyber Security Specialist (SecDevOps).

The Cyber Security specialist at Cboe Clear Europe will be reporting into the CISO. This role will give you exposure to both legacy and cutting-edge technologies and work across both infrastructure, Web, and Cloud. You will be responsible for Security implementations, delivering high quality services and solutions across all application development platforms. You perform design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations including the design of the appropriate securty testing.

In this role you’ll be responsible for:

  • Participate in infrastructure design reviews and threat modelling sessions, promote best cloud infrastructure practices
  • Deliver/integrate security tooling to DevOps delivery pipelines.
  • Perform design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations.
  • Perform security assessments, testing, and manual code review of applications.
  • Performing post incident root-cause analysis and develop and implement strategies to prevent recurrence.
  • Create technical security standards for relevant technologies.
  • Assist with development and delivery of Cboe Clear Europe application security strategy.
  • Responsible for monitoring and driving Application Security Compliance during project lifecycle.
  • Work with stakeholders to implement security solutions and initiatives addressing new vulnerabilities.
  • Delivering the technical aspects through plan, design, build for project and compliance security testing
  • Responsible for development of solutions to secure architecture requirements and standards.
  • Engage across multiple functions on a global level to ensure Code Development Lifecycles are in place and application verification is drive through all application development programs.
  • Ensures accurate delivery progress reporting is completed and communicated to relevant stakeholders.

The ideal candidate has:

  • At least 5+ years of hands-on experience of application security. This could either be as an AppSec specialist within a security team, or as an engineer and/or developer with significant experience of securing and defending applications against real-world threats.
  • Implement and review security controls on other layers of infrastructure: applications within Kubernetes clusters, service virtual machines, SaaS
  • Knowledge of common application security issues, and able to identify these via design assessment and threat modelling.
  • Strong understanding of SecDevOps principals, and how security controls can be effectively integrated to DevOps pipelines.
  • Several years of experience in providing CI/CD, run and observability services to other teams
  • Familiarity with Threat Modelling frameworks such as STRIDE, PASTA and MITRE ATT&CK
  • Able to read and write code (languages we typically use include Python, Swift, Java, Javascript)
  • Knowledge of security aspects of some of the following:
  • Security tooling e.g. SAST, DAST, IaC scanning, Container vulnerability scanning
  • Modern web applications and related technologies (Angular, React, Spring, etc).
  • APIs and microservices
  • Authentication/Authorization technologies e.g. OAuth, SAML
  • Knowledge of common technologies used to deliver and support applications e.g. Linux, Windows, databases, load balancers, containerization, public/private cloud environments.
  • Knowledgeable about PKI infrastructure.
  • Familiarity with common application related compliance requirements – e.g. GDPR, EMIR,
  • Strong written and verbal communication skills, ability to form strong business relationships across multiple locations. Ability to create management reporting to convey operational metrics, trends, or other key information.
  • Experience of analyzing, assessing, and resolving complex technology requirements, problems, and issues
  • Strong experience in designing, integrating, and deploying security solutions in a dynamic, high pressure working environment.
  • Demonstrate strong influencing and persuading skills, encourage colleagues and teams to change established processes, achieve improvements, and best practice.
  • Bachelor’s degree in cyber security, Network/Security Engineering, Computer Science, MIS, CIS, related field, or extensive relevant work experience
  • Certification in any of the following preferred: CISSP, CISM, CISA, CCSP or equivalent

You’ll really stand out with:

  • Previous work with a Fin-Tech company is preferred but not required
  • Additional security industry training such as SANS or Offensive Security preferred
  • Knowledge of information security concepts and technologies, including cyber risk, third party risk, and security governance
  • Knowledge of a wide range of security/risk management frameworks like NIST, CIS etc.
  • Experience working in a complex cloud-based IT organization is a plus

Benefits and Perks

We value the total wellbeing of our people – including health, financial, personal and social wellness. We believe standard benefits like health insurance and fair pay are a given at any organization. Still, you should know we offer:

  • Fair and competitive salary and incentive compensation packages with an upside for overachievement
  • Cboe offer premium free pension contributions .
  • Enhanced paid parental leave to support parents
  • EAP - This service intends to help employees deal with personal problems that might adversely impact their work performance, health and well-being. This service includes short- term counselling and referral services for employees and their immediate family.
  • ClassPass Corporate Membership which provides access to on-demand classes, livestream classes, in-person classes and wellness sessions across different fitness genres. (taxable benefit)
  • 25 days holiday per year per holiday year for full time employees, increasing with length of service at a rate of one extra day per completed years’ service, up to a maximum of 30 days.
  • Flexible, hybrid work environment, where you choose where and how you work (2/3 days per week in office)
  • Discounted Employee Stock Purchase Plan
  • Employee referral bonus program
  • Complimentary lunch, snacks and drinks in any Cboe office
  • Paid tuition assistance and education opportunities
  • Generous charitable giving company match
  • Volunteer opportunities to help you give back to your communities

More About Cboe Clear Europe

We’re reimagining the future of the workplace by focusing on what matters most, our people. Our journey is an inclusive one. We’re investing deeply in leadership programs and career development initiatives that ensure everyone has an equal chance to succeed. We celebrate the diversity in our communities, inside and out, and welcome new perspectives with equity, inclusion and belonging.

We work with purpose, solving problems with ingenuity, collaboration, and a lot of passion. We’re an engaged and excited team connecting markets across borders and embracing growth in all its forms to achieve incredible outcomes.

Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any other third party communication tools for recruiting purposes.