Security Engineer Lead

FinTech Startup

New York City
Posted 11 months ago

Our employees are world leaders in solving complex business problems using mathematics and engineering skills. Our team is specifically focused on building an electronic multi-dealer platform which is quickly evolving into the market standard for structuring, distributing, and trading structured notes. This is a unique opportunity for you to be part of a highly productive and motivated group of software and quant engineers, who are constantly looking to innovate and provide a best-in-class FinTech platform to clients. You will collaborate on a daily basis with sales and trading involved in the effort.

As the Lead Security Engineer for the team within the Securities Division, you will head up and oversee all aspects of security for the platform. The role will cover a broad security spectrum including our web-facing platform, the oversight and design of the various AWS environments and the design and implementation of the internal workplace technology stack. You will participate in gathering specifications, designing innovative solutions based on 3rd party cloud technologies, implementing robust solutions, and ensuring sufficient automation and monitoring to alert on any aberrant behavior across the technology stack. You will also assist with selecting, onboarding, implementing and integrating best-of-breed vendor solutions into the technology stack.


As the Lead Security Engineer you will be directly responsible for building, evolving and maintaining every aspect of the technology stack for the team with a focus on both internal and internet-facing security. This will require a broad technical range from best practice around securing user endpoints, all the way through to ensuring the security of the front-end web stack.

Major responsibilities:

  • Collaborate with internal infrastructure and application engineers to review, implement and evolve the security design of the new customer-facing platform. This will include securing and monitoring the public-facing web stack to proactively alert on and block any malicious activity.
  • Collaborate with internal infrastructure and application engineers to review, implement and evolve the internal technologies used to build and improve the platform. This will include helping to design and create a secure but highly collaborative workplace technology environment. This will also include designing and evolving the security of the SDLC.
  • Assist with the implementation and development of our overall monitoring infrastructure, suggesting and integrating 3rd party or internal systems as needed. This will include setting up suitable dashboards and alerts on tools such as Splunk to help ensure that we know as much as possible, as quickly as possible, about security incidents.
  • Create log dashboards, scripts, tools, monitoring metrics, and alert trigger definitions to automate and manage the security of the entire technology environment.
  • Prepare and document standard operating procedures and protocols across the security space.
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
  • Oversee training the user base on security principles and best practice.

Basic Qualifications

  • Extensive experience with software defined networking in an AWS cloud environment
  • Management of security oversight of internet facing web technologies, content distribution networks and web application firewalls
  • Ability to code in Python for systems administration and AWS environment automation
  • Detailed technical knowledge of database and operating system security
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, endpoint security, authentication systems, log management, content filtering, etc.
  • Familiarity with working in a Linux environment
  • 5+ years of security engineering relevant experience
  • Bachelor’s degree in Computer Science or equivalent experience

Preferred Qualifications

Previous use of:

  • Data loss prevention (DLP) technologies to secure against egress of intellectual property
  • Blue Coat or Zscaler in creating sensible proxy policies around internet access in a controlled environment
  • Logging (Splunk, Kibana/Elasticsearch) and monitoring systems (Nagios, Zabbix, Sensu, etc.), including setting up relevant metrics and dashboards to automate the alerting of security issues
  • Familiarity with the concepts around implementing zero trust networks such as Google BeyondCorp
  • Ability to integrate and debug Authentication and API Access Management technologies (such as Okta, OneLogin)
  • Experience with deploying and administering networking and perimeter security hardware (such as Cisco, Juniper, Palo Alto, etc).


Job Features

Job Category: Full Time
