Senior Systems Engineer

About Us

Wellington Management offers comprehensive investment management capabilities that span nearly all segments of the global capital markets. Our investment solutions, tailored to the unique return and risk objectives of institutional clients in more than 60 countries, draw on a robust body of proprietary research and a collaborative culture that encourages independent thought and healthy debate. As a private partnership, we believe our ownership structure fosters a long-term view that aligns our perspectives with those of our clients.

About the Role

THE POSITION 

The Attack Surface Management team is seeking a Senior Security Engineer to be a key member of our team. There will be a heavy focus on building, maturing, and operationalizing a configuration baselines program spanning physical and virtual systems, serverless workloads, container security, and other platforms. This engineer will assist in the minimization of potential attack surfaces through vulnerability management, managing a baselines program, cloud configuration assessments, incorporating threat intelligence from public and private sources, and work internally to build and enhance policies, standards, and processes. They will be working with various technologies that surface vulnerabilities, misconfigurations, end of life software, and other vectors. The ideal candidate is one that has a passion for cyber-security, a natural curiosity, and is willing to think outside the box to challenge the status quo in Attack Surface Management.

RESPONSIBILITIES

• Develop and mature an internal security hardening and baselines program. This effort develops standards and process to ensure attack surface risk is reduced and configuration baseline is met both according to CIS Controls and cyber threats actively targeting the firm.

• Perform assessments and communicate to stakeholders on the likelihood of exploitation and potential impact of vulnerabilities, misconfiguration findings, and other potential vectors to determine the appropriate course of action to mitigate potential risk.

• Leverage Cloud Native Application Protection Platform (CNAPP) technology to assess findings and contribute guidance and expertise to application custodians on fixing issues.

• Act as a security liaison between Information Security and the Development staff to bring a security mindset to the software development lifecycle. Assess and understand the Wellington CI/CD pipeline to be able to provide recommendations to developers for securing their code.

• Stay up to date with current and relevant cyber security threats as well as any associated countermeasures. Participate in internal meetings to map industry cyber threats to our current attack surface.

• Review of both internal and open-source threat intelligence sources for recently disclosed vulnerabilities at risk of introduction into the Wellington environment.

• Work with our Third-Party Risk team to engage third parties in Wellington’s vendor ecosystem to understand when third and fourth parties may be exposed to critical vulnerabilities.   

• Contribute to team documentation for updates to existing processes, new processes, assessment tool infrastructure details and workflows.

• Contribute to firmwide documentation by being an SME contributor to policies and standards.

NON-TECHNICAL QUALIFICATIONS

• A Passion for cyber-security is a must.

• Ability to self-motivate, with an eagerness to dig into potential risks. Ask questions, be          curious, dig deeper.

• BS degree in Information Systems/related discipline or equivalent IT work experience 

• Experience in developing new processes and procedures that match evolving attack surfaces.

• Excellent oral and written communication skills with a proven ability to effectively interact with teams representing a wide variety of technical disciplines.

• Ability to work with global teams effectively.  

• Ability to mentor junior team members and share discoveries about your work.

TECHNICAL QUALIFICATIONS 

• Experience working with best practices frameworks such as CIS Critical Security Controls to drive an internal discovery and risk assessment program for a system baselines / hardening program.

• Knowledge of common cyber-attack types such as DDoS, SQLi, XSS, and others. This experience relied upon to make rational decisions in our baselines program.

• Hands-on experience with vulnerability assessment software and prioritizing results using a combination of various frameworks tied to internal objects (CVE, CVSS, EPSS, etc.).

• Previous experience assessing, documenting, and communicating information security risk, particularly related to cyber vulnerabilities is preferred.

• Experience in the use of common scripting languages such as python to automate job functions.

• Working knowledge of IaC (Infrastructure as Code) concepts, especially with AWS.

• Knowledge in the areas of network architecture and engineering and software application development

• Working knowledge of the use of threat intelligence feeds and resources  

• Preferred: Experience working with Splunk, Qualys, WIZ, Artifactory, AWS Cloudformation

• Preferred: Working knowledge of Amazon AWS services 

• Preferred: Home labs, security practitioner meetups, research, we would love to hear it!

Not sure you meet 100% of our qualifications?  That’s ok. If you believe that you could excel in this role, we encourage you to apply and welcome a chance to review your background. We are dedicated to building and maintaining a diversified workforce and considering a broad array of candidates with a variety of skill, workplace experiences, and backgrounds.

As an equal opportunity employer, Wellington Management ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, sex, sexual orientation, gender identity, gender expression, religion, creed, national origin, age, ancestry, disability (physical or mental), medical condition, citizenship, marital status, pregnancy, veteran or military status, genetic information or any other characteristic protected by applicable law. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at GMWTalentOperations@wellington.com.