Product Security Engineer

Qube Research & Technologies•New York, NY

About The Position

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology and trading expertise has shaped QRT’s collaborative mindset which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. You will join the global Security function, which is responsible for safeguarding QRT’s technology platforms, data, and operational environments. The team partners closely with Engineering, Infrastructure, Risk, Compliance, and business stakeholders to design and implement security controls, reduce risk, and enable safe, high-performance operations across global offices. Your future role within QRT Support the implementation of security controls and processes for product security, focusing on a broad range of systems, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments. Collaborate with engineering and product teams to integrate security into product design and development, applying your experience in securing large-scale software systems in a fast-moving environment. Contribute to the development and maintenance of a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java. Conduct threat modeling, vulnerability assessments and security code reviews across different platforms, ensuring security is embedded at every stage of the development lifecycle. Provide mentorship, guidance, and training on security best practices and secure development processes to engineering teams working in mixed cloud and operating systems environments. Perform vendor security reviews to assess third-party security practices and ensure compliance with QRT’s standards. Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and on-prem systems. Proactively identify security risks and develop strategies for risk mitigation in a fast-paced high-stakes environment.

Requirements

At least 7 years of experience in product security or similar roles with significant practical experience in securing software development at scale.
Proven record of accomplishment in secure coding practices and development experience in development languages such as Python, C++, Rust, Go and Kotlin/Java.
Strong technical background in software development, system architecture and security tools.
Strong understanding of security principles, techniques and technologies related to software and product security, cloud platforms and business applications. Knowledge of low-latency financial systems would be an advantage.
Experience working with and securing both Windows and Linux-based systems.
Extensive experience with one or more cloud platforms such as AWS, Microsoft Azure and Alibaba Cloud used in a hybrid environment.
In-depth knowledge of threat modeling, risk assessment and development of mitigation strategies for large-scale, complex systems in a fast-paced environment.
Experience integrating security scanning tools into CI/CD pipelines and runtime environments.
Experience conducting vendor security reviews and managing third-party security assessments.
Excellent leadership, problem-solving, communication and adaptability skills, suited for a senior-level position in a fast-paced environment.

Nice To Haves

Knowledge of low-latency financial systems would be an advantage.

Responsibilities

Support the implementation of security controls and processes for product security, focusing on a broad range of systems, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments.
Collaborate with engineering and product teams to integrate security into product design and development, applying your experience in securing large-scale software systems in a fast-moving environment.
Contribute to the development and maintenance of a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java.
Conduct threat modeling, vulnerability assessments and security code reviews across different platforms, ensuring security is embedded at every stage of the development lifecycle.
Provide mentorship, guidance, and training on security best practices and secure development processes to engineering teams working in mixed cloud and operating systems environments.
Perform vendor security reviews to assess third-party security practices and ensure compliance with QRT’s standards.
Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and on-prem systems.
Proactively identify security risks and develop strategies for risk mitigation in a fast-paced high-stakes environment.