Engineer, Application Security
Indexed description
We're building meaningful ways to support professional and personal development while strengthening the trust we've earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to "go for it" and equip our managers with the training to coach their teams to the next level. We strive to provide employees a safe space to network, share ideas and create opportunities.
Sound like the place for you? Join us!
Location Overview
Cboe HQ is located in the historic Old Post Office district, it's a landmark that blends classic architecture with modern amenities. The building features expansive spaces with high ceilings and large windows, offering an abundance of natural light and panoramic views of the city skyline and the Chicago River.
With its prime location in the heart of downtown, the OPO Building provides easy access to major transportation hubs, including Union Station and multiple CTA lines, making it convenient for commuters. The building is home to a variety of amenities, including restaurants, a fitness center, and collaborative workspaces, creating a vibrant and dynamic work environment in one of Chicago's most iconic areas.
Role Overview
Cboe's Cybersecurity team is seeking an Application Security Engineer to develop their expertise in practical, code-adjacent security within a collaborative and fast-paced environment. This role works closely with application and platform engineering teams to help design, build, and deploy secure containerized services on Kubernetes, applying security fundamentals within defined processes and with guidance from senior engineers. The ideal candidate brings hands-on software development experience and a genuine interest in growing their application security skills on real-world challenges. This role reports to the Manager, Cybersecurity.
Your responsibilities will be:
Secure Development Partnership
- Partner with engineering teams to improve security of containerized services running on Kubernetes
- Participate in secure design reviews and threat modeling for new features, services, and APIs
- Perform code-level security reviews and provide clear, actionable remediation guidance to developers
- Help integrate and operate security tooling in CI/CD pipelines, including SAST, dependency and container image scanning (SCA), and secret detection
- Validate and triage security findings — distinguishing real risk from false positives and helping prioritize remediation based on impact
- Contribute to container image security practices including secure base image usage, dependency hygiene, and attack surface reduction
- Assist in defining and applying secure coding and deployment standards for Kubernetes workloads, APIs, and service-to-service communication
- Support incident response and post-incident reviews by helping analyze root causes and contributing to preventative fixes
- Continuously grow application and Kubernetes security skills through hands-on work and mentorship from senior team members
- 2+ years of professional experience in software engineering, application security, or a closely related role
- Bachelor's degree in Computer Science, Information Security, or a related field
- Hands-on software development experience, including building, testing, and deploying production services and comfort reading and modifying existing codebases
- Experience building and running Docker/OCI containers, with an understanding of container images, layers, and runtime behavior
- Familiarity with Kubernetes, including deploying or supporting applications and working with core primitives (pods, deployments, services, ingress) and basic security concepts (RBAC, namespaces, service accounts)
- Working knowledge of common web and API vulnerabilities (authentication/authorization issues, injection, SSRF, etc.) and secure coding practices
- Proficiency in at least one backend programming language (e.g., Go, Java, C#, Python, Node.js) and experience with modern CI/CD workflows and Git-based development
- Exposure to application security tooling such as SAST, dependency or container image scanning, or secret scanning tools
- Bachelor's degree preferred
- Fair and competitive salary and incentive compensation packages with an upside for overachievement
- Generous paid time off, including vacation, personal days, sick days and annual community service days
- Health, dental and vision benefits, including access to telemedicine and mental health services
- 2:1 401(k) match, up to 8% match immediately upon hire
- Discounted Employee Stock Purchase Plan
- Tax Savings Accounts for health, dependent and transportation
- Employee referral bonus program
- Volunteer opportunities to help you give back to your communities
- Paid Tuition assistance and education opportunities
- Generous charitable giving company match
- Paid parental leave and fertility benefits
We work with purpose, solving problems with ingenuity, collaboration, and a lot of passion. We're an engaged and excited team connecting markets across borders and embracing growth in all its forms to achieve incredible outcomes.
Learn more about life at Cboe on LinkedIn and Cboe.com.
Equal Employment Opportunity
We're proud to be an equal opportunity employer and do not discriminate against any employee or applicant for employment based on any legally protected characteristic, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or veteran status. We are committed to fostering a workplace where all individuals are valued and respected.
This position is not eligible for visa sponsorship. Candidates must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.
Salary Ranges (applicable for US locations only)
At Cboe, we are committed to providing a competitive, transparent, and market‑informed total rewards program. The anticipated base salary range for this role is $102,850-$133,100, with actual compensation determined by job‑related factors such as skills, relevant experience, education, internal alignment, and location.
This role may also be eligible for annual incentive compensation and, where applicable, participation in Cboe's long-term equity programs.
Additional information about Cboe's total rewards program, including benefits and other compensation components, can be found here: Total Rewards at CBOE.
Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any other third party communication tools for recruiting purposes.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search