Lead Application Security Engineer - Point72

Join to apply for the Lead Application Security Engineer role at Point72.

We are building a security-focused culture within Point72’s Technology Group and Global Information Security team. Our Technology Group improves IT infrastructure and embraces open-source solutions, enterprise agile methodology, and professional development to foster innovative ideas. The Global Information Security team is dedicated to developing, implementing, and managing a comprehensive program to protect confidentiality, integrity, and availability of Point72 information assets.

What you’ll do

• Collaborate with the DevOps team to design, implement, and manage a robust DevSecOps framework for our software development pipeline, integrating security tools and processes into our CI/CD workflows to enhance the developer experience
• Champion a security-first mindset within the development team, promoting secure coding practices and providing guidance on secure development methodologies
• Create security focused DevSecOps policies and standards and provide training and awareness to the development team
• Develop Key Risk Indicators (KRIs) to track security posture across business lines, measure progress and identify outliers
• Implement and manage security testing tools and processes within the CI/CD pipeline, including SAST, DAST, SCA, and OSS
• Work with the DevOps team to automate security controls and compliance checks within the development pipeline, ensuring adherence to industry best practices and regulatory requirements
• Troubleshoot and resolve security issues throughout the software development lifecycle
• Stay abreast of emerging security threats, vulnerabilities, and DevSecOps best practices to continuously improve our security posture

What’s Required

• 7-10 years of experience in software development, DevOps, or security engineering, with a strong focus on DevSecOps practices
• Expertise in CI/CD tools such as GitHub, Jenkins, GitLab CI/CD, Azure DevOps, or similar
• Proficiency in infrastructure-as-code tools like Terraform or CloudFormation
• Strong scripting and automation skills using Python, Bash, or similar languages
• Experience with security testing tools such as SonarQube, SNYK, Nessus, Qualys, or similar
• Familiarity with containerization technologies like Docker and Kubernetes
• Knowledge of security best practices for cloud environments (AWS, Azure, GCP)
• Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2
• Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment
• Strong problem-solving skills and a passion for continuous improvement in security practices
• Commitment to the highest ethical standards

We take care of our people

We invest in our people, their careers, their health, and their well-being. When you work here, we provide:

• Private Medical and Dental Insurances
• Generous parental and family leave policies
• Volunteer opportunities
• Support for employee-led affinity groups representing women, people of colour and the LGBQT+ community
• Mental and physical wellness programmes
• Tuition assistance
• Non-contributory pension and more

About Point72

Point72 Asset Management is a global firm led by Steven Cohen that invests in multiple asset classes and strategies worldwide. With over a quarter-century of investing experience, we aim to be the industry’s premier asset manager by delivering superior risk-adjusted returns, upholding the highest ethical standards, and offering opportunities to the industry’s brightest talent. For more information, visit www.Point72.com/working-here

Additional details

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology

London, England, United Kingdom