Principal Application Security Engineer
About the role
Job Description: Building trusted markets - powered by our people

At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.

We're building meaningful ways to support professional and personal development while strengthening the trust we've earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to "go for it" and equip our managers with the training to coach their teams to the next level. We strive to provide employees a safe space to network, share ideas and create opportunities.

To support strong partnership and team connection, this role follows a four-day in-office work model.

Location Overview

Cboe HQ is located in the historic Old Post Office district, a landmark that blends classic architecture with modern amenities. The building features expansive spaces with high ceilings and large windows, offering an abundance of natural light and panoramic views of the city skyline and the Chicago River. With its prime location in the heart of downtown, the OPO Building provides easy access to major transportation hubs, including Union Station and multiple CTA lines, making it convenient for commuters. The building is home to a variety of amenities, including restaurants, a fitness center, and collaborative workspaces, creating a vibrant and dynamic work environment in one of Chicago's most iconic areas.
Role Overview

Cboe's Cybersecurity team is seeking a Principal Application Security Engineer to provide senior technical leadership and end-to-end ownership for embedding pragmatic, scalable security across our hybrid engineering ecosystem. In this role, you will partner closely with application, platform, and infrastructure teams to define secure-by-default architecture patterns, shape strategic security direction, and drive implementation of security controls throughout the software development lifecycle (SDLC) across microservices, APIs, and containerized workloads operating in both public cloud and on-premises Kubernetes environments.

You will operate as a principal-level individual contributor with broad technical influence, accountable for setting direction in complex or ambiguous situations, making high-impact architectural decisions, and driving consistent security outcomes across multiple teams and platforms. This role requires deep hands-on expertise, strong systems thinking, and the ability to influence engineering practices, standards, and priorities at scale while serving as a trusted technical leader for both security and engineering stakeholders.

This position reports to the Senior Manager, Application and Cloud Security.
Your responsibilities will be:

Application & API Security

Own secure architecture reviews and threat modeling for new systems and major changes, establishing architectural direction for Kubernetes trust boundaries, secure service-to-service communication, and API authorization models across the environment

Define, mature, and drive adoption of application and API security standards, including authentication and authorization patterns, input validation requirements, and mitigations for common vulnerability classes such as SSRF, injection, and access control flaws

Provide principal-level guidance for high-risk code and design changes, resolving complex security tradeoffs and driving remediation approaches that are durable, scalable, and aligned to engineering realities

Act as a senior technical partner to engineering leadership, influencing roadmaps, architecture decisions, and secure-by-default design patterns across the organization

Kubernetes, Container & DevSecOps Security

Own Kubernetes workload security standards across multi-cluster environments, setting technical direction for RBAC, pod security controls, namespace isolation, network policies, secrets management, and platform guardrails

Establish and continuously evolve the container image security strategy, including secure base image standards, vulnerability management expectations, SBOM practices, and deployment controls that prevent risky configurations from reaching production

Drive the design and adoption of DevSecOps guardrails in CI/CD pipelines, ensuring SAST, SCA, secret scanning, container scanning, and IaC scanning are integrated through high-signal workflows that scale across engineering teams with minimal developer friction

Software Vulnerability Management & Security Enablement

Own the strategy for risk-based software vulnerability management, including triage, exploitability assessment, remediation priorities, service level expectations, and metr