Senior Product Security Engineer

My client is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. A technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped the collaborative mindset, enabling them to solve the most complex challenges. They have a culture of innovation which continuously drives their ambition to deliver high quality returns for investors.

About the role

Seeking a Senior Product Security Engineer to protect diverse tech systems across cloud, business apps, and core infrastructure. In this role, you’ll drive automated security processes, influence architecture, and lead strategic security projects. Working closely with IT, cloud, and engineering teams, you’ll implement security solutions for low-latency systems and multi-cloud platforms, including AWS, Azure, and Alibaba Cloud. You’ll also secure hybrid infrastructures across Python, C++, and Kotlin/Java environments, ensuring robust protection that supports high-speed, data-driven operations.

Responsibilities

Support the implementation of security controls and processes for product security, focusing on a broad range of systems, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments.

Collaborate with engineering and product teams to integrate security into product design and development, applying your experience in securing large-scale software systems in a fast-moving environment.
Contribute to the development and maintenance of a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java.
Conduct threat modeling, vulnerability assessments and security code reviews across different platforms, ensuring security is embedded at every stage of the development lifecycle.
Provide mentorship, guidance, and training on security best practices and secure development processes to engineering teams working in mixed cloud and operating systems environments.
Perform vendor security reviews to assess third-party security practices and ensure compliance standards.
Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and on-prem systems.
Proactively identify security risks and develop strategies for risk mitigation in a fast-paced high-stakes environment.

Requirements

At least 7 years of experience in product security (or similar) roles with significant practical experience in securing software development at scale.

Proven record of accomplishment in secure coding practices and development experience in development languages such as Python, C++, Rust, Go and Kotlin/Java.
Strong technical background in software development, system architecture and security tools.
Strong understanding of security principles, techniques and technologies related to software and product security, cloud platforms and business applications. Knowledge of low-latency financial systems would be an advantage.
Experience working with and securing both Windows- and Linux-based systems.
Extensive experience with one or more cloud platforms – such as AWS, Microsoft Azure and Alibaba Cloud – used in a hybrid environment.
In-depth knowledge of threat modeling, risk assessment and development of mitigation strategies for large-scale, complex systems in a fast-paced environment.
Experience integrating security scanning tools into CI/CD pipelines and runtime environments.
Experience conducting vendor security reviews and managing third-party security assessments.
Excellent leadership, problem-solving, communication and adaptability skills, suited for a senior-level position in a fast-paced environment.

Whilst we carefully review all applications, to all jobs, due to the high volume of applications we receive it is not possible to respond to those who have not been successful.