Associate Principal, Privileged Access Management (DevOps)

Who We Are

About Us

The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.

What We Offer

A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:

A hybrid work environment, up to 2 days per week of remote work

Tuition Reimbursement to support your continued education

Student Loan Repayment Assistance

Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely

Generous PTO and Parental leave

Competitive health benefits including medical, dental and vision


As a member Security Engineering you are responsible for applying skills and knowledge to perform specified functions. As part of this team you will take part in automation activities that involve automating the deployment and management of architected security products within an AWS infrastructure. You will engage in automation activities, review of CI/CD design and architecture, and apply industry best practices for deploying infrastructure and configuration management. This position promotes the learning and understanding of security products by Product SME’s while focusing on the automation concepts for Infrastructure-as-code, DevSecOps, configuration management, and specifically infrastructure and integrations within the Security Engineering platform. 

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

  • Work closely with Security Engineering team to understand business objectives on-premise and all in the cloud architecture to provide requirements for successfully automating deployments.

  • Work with technical product owners to translate technical capabilities that are achievable and provide requirements or recommendations for automating the deployment of a particular application or component. 

  • Understand the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines.

  • Perform a security first approach when deploying or integrating products that involve Secrets Management, PKI, Session Management, or authenticated integrations that may expose privileged credentials.

  • Consult with AWS Security Account, Lambda, auto-remediation, Security Hub, Shared Services, and VPCs that are designed to increase and host security services.

  • Approach all products and platforms with best practices monitoring techniques.

  • Support the deployment, maintenance, and improvements with HashiCorp Vault Enterprise architecture based on industry best practices and organization requirements.

  • Consult with tools surrounding the Kubernetes and containerized ecosystem such as helm, sysdig, and HashiCorp Vault cert manager integration.

  • Responsible for partnering with product owners, platform automation teams, and infrastructure teams when focused or developing a solution.

  • Ability to operate in complex operational environments and interact with internal experts required to maintain those environments.

  • Perform agile best practices and self-motivation to bring a task end-to-end to completion.

  • Proficient in using scripting and automation skills when converting manual and maintenance functions into fully orchestrated automation.

  • GitOps, README, and documentation for all code committed and merged.

Supervisory Responsibilities:

  • None


The requirements listed are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Hands-on experience with Python, Ansible, Terraform, and YAML packages

  • Hands-on experience with Terraform Providers and translating to product requirements.

  • Hands-on experience with Jenkins pipelines for implementing and integrating continuous delivery.

  • Hands-on experience deploying and maintaining infrastructure in public cloud AWS or Azure/GCP.

  • Hands-on experience working with Secrets Management best practices within dynamic infrastructure.

  • Hands-on experience with system monitoring techniques and tools supporting unattended operations.

  • Working knowledge of Docker/Kubernetes deployment, configuration, scaling and management of containerized applications.

  • Technical knowledge of Secrets Management and Privileged Access Management on target systems, databases, directories, and applications.

Technical Skills:

  • Industry experience implementing DevOps automation in public cloud infrastructure with Terraform and ansible following Infrastructure as Code (Iac) concept.

  • Self-motivated to learn new products within the Security Engineering stack of products and apply best practices concepts to a dynamic cloud infrastructure.

  • (Preferred) Hands-on experience with HashiCorp Vault

  • (Plus) Hands-on experience with Sysdig and containerized security

  • (Plus) Hands-on experience with CyberArk API

  • (Plus) Working knowledge of Secrets Management and Privileged Access Management.

Education and/or Experience:

  • 3+ Years of hand-on DevOps or DevSecOps as a primary role. (e.g. Developer environment, GitOps, Version Control, RESTful APIs, and build)

  • 5+ years of hands-on experience working within cloud architecture and deployments.

Certificates or Licenses:

  • Certification in at least one or more of the following:

    • AWS Certified Developer

    • HashiCorp Certified: Terraform Associate

    • HashiCorp Certified: Vault Associate

    • DevOps security or related

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-3137
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Mar. 07, 2023

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.

We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.

OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.

Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy. Do not accept analytic cookies Accept analytic cookies