Security Engineer
Job in Chicago, Cook County, Illinois, 60290, USA
Listed on 2026-03-01
Listing for: Paul Murphy Associates
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Security Manager, Systems Engineer, Network Security
Job Description & How to Apply Below
Location: Chicago, IL (Hybrid, in-office)
Our client, a well-capitalized start-up building a U.S. exchange (DCM) and clearinghouse (DCO), is seeking a Security Engineer to serve as a hands‑on technical lead responsible for securing both corporate and production environments. In this CFTC‑regulated setting, the role will oversee the security of internally developed services hosted in the cloud, while acting as the primary administrator across edge defense, identity, and productivity platforms.
Key Responsibilities
Edge Defense & Cloud Security Oversight (Cloudflare & AWS)
- Perimeter Security: Manage Cloudflare WAF to shield internally hosted services and APIs. Design, tune, and maintain custom firewall rules and rate‑limiting policies to mitigate Layer 7 attacks and bot activity.
- Internal Service Hardening: Provide security oversight for internally developed services hosted in AWS. Ensure environments are architected with strict isolation (VPCs, Security Groups) and utilize AWS security services (GuardDuty, Security Hub).
- Traffic Analysis: Regularly analyze Cloudflare and AWS logs to identify malicious patterns, minimize false positives, and optimize the performance of the edge security stack.
- Vulnerability Lifecycle: Perform regular vulnerability testing on internal systems and AWS‑hosted instances. Manage the remediation process, ensuring that patches are applied in a timely, risk‑prioritized manner in collaboration with engineering teams.
- SIEM Management: Act as the primary owner of the SIEM platform. Build and tune detection logic that aggregates logs from Cloudflare, AWS, Okta, and SentinelOne to provide a unified view of the firm’s security posture.
- Policy Management: Maintain and update the firm’s internal security policies to meet CFTC regulatory standards.
- Vendor Security Reviews: Lead the security vetting process for third‑party vendors, performing risk assessments and evaluating SOC 2/ISO audits to protect the firm’s data supply chain.
- Audit Support: Manage security controls and present technical evidence (logs, configuration snapshots, and policy docs) for SOC 2 Type 2 audits and annual regulatory examinations.
- Identity Mastery (Okta): Administer the Okta ecosystem, managing SSO integrations, Adaptive MFA, and automated provisioning/deprovisioning via Okta Workflows.
- Endpoint Protection (SentinelOne) and Email Security: Deploy and manage SentinelOne XDR and Mimecast across the organization, responding to alerts and performing proactive threat hunting.
- Corporate IT Admin: Manage corporate IT SaaS environments including Google Workspace and Slack, ensuring secure collaboration, data retention, eDiscovery and robust DLP rules.
- Experience: 6+ years in Security/IT Engineering, with a proven track record in a regulated financial environment.
- Edge: Expert‑level management of Cloudflare (WAF, DDoS, Workers).
- Cloud: Deep experience securing AWS‑hosted internal services.
- Identity & SaaS: Advanced administration of Okta, Mimecast and Google Workspace.
- Endpoint: Hands‑on experience with SentinelOne or similar EDR/XDR.
- SIEM: Experience configuring and maintaining a modern SIEM.
- Automation: Experienced in scripting to automate repeatable processes.
- Certifications: CISSP, AWS Certified Security, or CompTIA Security+ certifications are highly desirable.
- Operational Excellence: You understand that for a CFTC‑regulated firm, uptime and security are two sides of the same coin.
- Regulatory Rigor: You are disciplined about documentation, ensuring every control is "audit-ready."
- Adaptive Wit: You can pivot from deep technical troubleshooting to a high‑level vendor risk discussion without missing a beat.