Security Engineer

Build the market that brings the future into focus
Rothera is building a world-changing prediction market in partnership with some of the financial industry's leading global brokerage and trading firms.
By empowering traders to take positions on the events that shape our world, Rothera's platform harnesses the scale and power of financial markets to produce timely, unique, and effective information discovery for leaders and decision makers to ask and answer their most important questions.
Rothera operates at the frontier, generating market-driven forecasts that turn intuition into insight.
About The Role
The Security Engineer is a hands-on lead in the technical defense and administration of our corporate and production environments. In this critical role within a CFTC-regulated firm, you will oversee the security of complex, internally hosted and managed services delivered cloud environments, while serving as the primary administrator for our edge defense, identity, and productivity stacks.
What You'll Do
Edge Defense & Cloud Security Oversight (Cloudflare & AWS)

• Perimeter Security: Manage Cloudflare WAF to shield internally hosted services and APIs. Design, tune, and maintain custom firewall rules and rate-limiting policies to mitigate Layer 7 attacks and bot activity.
• Internal Service Hardening: Provide security oversight for internally developed services hosted in AWS. Ensure environments are architected with strict isolation (VPCs, Security Groups) and utilize AWS security services (GuardDuty, Security Hub).
• Traffic Analysis: Regularly analyze Cloudflare and AWS logs to identify malicious patterns, minimize false positives, and optimize the performance of the edge security stack.

Vulnerability Management & SIEM Operations

• Vulnerability Lifecycle: Perform regular vulnerability testing on internal systems and AWS-hosted instances. Manage the remediation process, ensuring that patches are applied in a timely, risk-prioritized manner in collaboration with engineering teams.
• SIEM Management: Act as the primary owner of the SIEM platform. Build and tune detection logic that aggregates logs from Cloudflare, AWS, Okta, and SentinelOne to provide a unified view of the firm's security posture.

Governance, Policy & Vendor Risk

• Policy Management: Maintain and update the firm's internal security policies to meet CFTC regulatory standards.
• Vendor Security Reviews: Lead the security vetting process for third-party vendors, performing risk assessments and evaluating SOC2/ISO audits to protect the firm's data supply chain.
• Audit Support: Manage security controls and present technical evidence (logs, configuration snapshots, and policy docs) for SOC 2 Type 2 audits and annual regulatory examinations.

IT Systems & Identity Administration

• Identity Mastery (Okta): Administer the Okta ecosystem, managing SSO integrations, Adaptive MFA, and automated provisioning/deprovisioning via Okta Workflows.
• Endpoint Protection (SentinelOne) and Email Security: Deploy and manage SentinelOne XDR and Mimecast across the organization, responding to alerts and performing proactive threat hunting.
• Corporate IT Admin: Manage corporate IT SaaS environments including Google Workspace and Slack, ensuring secure collaboration, data retention, eDiscovery and robust DLP rules.

What You'll Bring

• Experience: 6+ years in Security/IT Engineering, with a proven track record in a regulated financial environment.
• The "Stack":

• Edge: Expert-level management of Cloudflare (WAF, DDoS, Workers).
• Cloud: Deep experience securing AWS-hosted internal services.
• Identity & SaaS: Advanced administration of Okta, Mimecast and Google Workspace.
• Endpoint: Hands-on experience with SentinelOne or similar EDR/XDR.

• SIEM: Experience configuring and maintaining a modern SIEM.
• Automation: Experienced in scripting to automate repeatable processes
• Certifications: CISSP, AWS Certified Security, or CompTIA Security+ certifications are highly desirable.

Key Attributes

• Operational Excellence: You understand that for a CFTC regulated firm, uptime and security are two sides of the same coin.
• Regulatory Rigor: You are disciplined about documentation, ensuring every control is "audit-ready."
• Adaptive Wit: You can pivot from deep technical troubleshooting to a high-level vendor risk discussion without missing a beat.

Benefits & Compensation
This position has a yearly base salary of: $175,000-$225,000
Rothera is dedicated to advancing the careers and personal wellbeing of our team members. We are continuously exploring ways to support our employees holistically, including a 401(k) plan with employer match, health, vision, and dental insurance for employees and eligible dependents, paid time off, and much more.
Why you should join the mission
If you want a critical role in a path-breaking company, you belong here.
Rothera Markets values initiative from individuals of all backgrounds. We are proud to be an inclusive workplace and do not discriminate on the basis of race, religion, national origin, age, disability or handicap, sex, marital status, veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
This position is full-time, in-office hybrid position. We are not able to offer visa sponsorship for our positions.