
The role incorporates multiple technologies across data, web application, API protection, Data Loss Prevention (DLP), and AI Protection, while simultaneously driving data security compliance, risk management, and policy governance. The Senior Engineer is expected to work closely with teammates within cyber defense, database administration (DBA) teams, application development, internal/external audit groups, and business stakeholders to engineer, deploy, maintain, and optimize the global Imperva and data security infrastructure.
Lead the installation, configuration, administration, and architectural engineering of Imperva platforms, including Imperva Data Security Fabric (DSF), Database Activity Monitoring (DAM), and Web Application Firewalls (WAF).
Develop, optimize, and manage Imperva DAM security policies, audit rules, custom assessment tests, and classification criteria to monitor sensitive enterprise databases and detect rogue activity, SQL injection, and unauthorized data access.
Manage WAF and API protection technologies (Imperva/WAAP) to ensure on-premises and cloud-hosted web applications are secured against OWASP Top 10 vulnerabilities, API abuse, and automated bot malicious activities.
Perform database vulnerability assessments and environment health checks; track system capacity, agent footprint stability, and gateway performance to guarantee operational readiness.
Manage AI Protection solutions (AI Prompt Jailbreak defense, AI Model protection) and DLP technologies including CASB SaaS and Email Security SaaS.
Use Infrastructure as Code (IaC) tools (e.g., Terraform, KCC) to automate the management and deployment of security rules in a CI/CD pipeline.
Coordinate the development, dissemination, and enforcement of information security policies, standards, and procedures in collaboration with IT departments and data custodians.
Conduct reviews and compliance audits to ensure the Global Information Security Operations Team conforms to policies, standards, laws, and regulations (e.g., GDPR, CCPA).
Investigate security alerts, handle data-centric incident responses, analyze Technology/Enterprise Computing controls, and perform ITIL Incident Problem tracking.
Engage closely with Internal Audit, Compliance, external auditors, and Enterprise Computing staff to ensure effective communication and reporting transparency for Global Information Security projects.
A minimum of 5 years of dedicated engineering experience specializing in Imperva solutions (DSF, DAM, and WAF), including deep hands-on proficiency with rule creation, dashboard management, agent deployment, and reporting.
Minimum of 6 years of overall experience in information security, information technology, database administration, IT compliance, or IT Internal Audit.
Strong technical knowledge and understanding of major database platforms and operating systems, including Unix, Linux, Windows, Oracle, MS SQL, and relational/NoSQL data structures.
Working knowledge supporting commercial cloud provider environments (AWS, Azure, GCP) alongside cloud-native database architectures.
Working knowledge of Infrastructure as Code (IaC) tools such as Terraform and KCC.
Working knowledge with SIEM technologies, SSL Inspection, Access Control, Policy Management, and TCP/IP layer 3-7 networking structures.
Detailed understanding of Industry Security standards and Risk Management frameworks (e.g., ISO 27001/27002, NIST Cyber Security Framework, and ISMS implementations).
Excellent project management, written, and oral communication skills; ability to translate complex database security events into clear risk assessments for stakeholders.
Operating knowledge of ITIL processes (ITIL Certification a plus).
Knowledge of programming/scripting languages is a plus (e.g., Python, Java, SQL, Shell scripting).
5+ years of hands-on experience with cyber security application administration, database security operational practices, and risk management.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent certifications (or actively working towards them) is a plus.
CME Group: Where Futures are Made
CME Group is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.
At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone’s perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.
Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here

As the world's leading derivatives marketplace, CME Group (www.cmegroup.com) is where the world comes to manage risk. CME Group exchanges offer the widest range of global benchmark products across all major asset classes, including futures and options based on interest rates, equity indexes, foreign exchange, energy, agricultural commodities, metals, weather and real estate. CME Group brings buyers and sellers together through its CME Globex® electronic trading platform and its trading facilities in New York and Chicago. CME Group also operates CME Clearing, one of the world’s leading central counterparty clearing provider in the world, which offers clearing and settlement services for exchange-traded contracts, as well as for over-the-counter derivatives transactions through CME ClearPort®. These products and services ensure that businesses everywhere can substantially mitigate counterparty credit risk in both listed and over-the-counter derivatives markets.