Senior Information Security Engineer

Squarepoint is a global investment management firm that utilizes a diversified portfolio of systematic and quantitative strategies across financial markets that seeks to achieve high quality, uncorrelated returns for our clients. We have deep expertise in trading, technology and operations and attribute our success to rigorous scientific research. As a technology and data-driven firm, we design and build our own cutting-edge systems, from high performance trading platforms to large scale data analysis and compute farms. With offices around the globe, we emphasize true, global collaboration by aligning our investment, technology, and operations teams functionally around the world.

Position Overview:

Squarepoint is seeking a subject matter expert to join our Information Security team as a Senior Information Security Engineer. This senior position plays a pivotal role in strengthening our security posture by providing expert guidance, and driving improvements across key areas such as network, cloud, data, and system security. The successful candidate will act as an escalation point to the Security Operations, ensuring complex security problems are effectively analysed and resolved. This role includes overseeing security in critical IT projects, leading threat modelling for complex systems, auditing key systems for security gaps, and building automated capabilities to continuously validate controls’ effectiveness and system resilience. This position offers an opportunity to lead security initiatives and shape the security roadmap. A high degree of self-motivation and proactivity is mandatory for success in this role.

• Strengthen security across core areas, including network and system security, email security, cloud security, and data protection.
• Serve as a security advisor for IT projects, ensuring security requirements are met and risks are mitigated.
• Manage and optimize security tools, ensuring they are effectively deployed and maintained.
• Lead the design and development of security solutions and architectures to protect critical assets.
• Provide second-line support to Security Operations.
• Conduct threat modelling and risk assessments to identify vulnerabilities and drive proactive mitigation strategies.
• Oversee relationships with the Managed Detection and Response (MDR) provider, ensuring service effectiveness and continuous improvement.
• Execute security roadmap’s initiatives, aligning with business objectives and emerging threats.
• Collaborate with cross-functional teams to enhance security awareness and integrate security into business processes.

Required Qualifications:

• Minimum 5 years of hands-on experience in an information security role, such as security engineering, security architecture, security operations, or application security.
• Thorough understanding of security best-practices, principles, and system hardening techniques.
• Hands-on experience with threat modelling, security testing, including penetration testing, and automated security validation.
• Solid knowledge of cloud, network, and systems security concepts.
• Experience with scripting with one or more languages – Python and PowerShell experience is a plus.
• Familiarity with security tools such as EDR software, DLP solutions, vulnerability scanners, firewalls and email gateways.
• Strong analytical skills and problem-solving skills, with the ability to investigate complex problems and design pragmatic solutions.
• Effective communication skills to work with technical and non-technical teams.
• Degree in Engineering, Computer Science, or STEM related field.

Nice to have:

• Strong knowledge of risk assessment methodologies.
• Familiarity with security best practices, configurations, and threat management in Azure, AWS, and GCP.
• Ability to analyse software for security risks, including reviewing source code, performing static and dynamic analysis, and identifying vulnerabilities in application design and implementation.
• Familiarity with regulatory frameworks and security standards (e.g., SEC Cybersecurity rules, MAS TRM Guidelines, NFA Cybersecurity Guidance, GDPR etc.)
• Relevant security certifications.