Product Security/Security Architecture Lead

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors.

Your future role within QRT

The Senior Product Security/Security Architect at Qube Research & Technologies (QRT) will spearhead initiatives to protect QRT's core trading infrastructure from cyber threats. This role involves championing secure design principles, fostering trust-based partnerships, and working collaboratively with engineering and product teams to integrate security considerations into the design and development stages. This role is based in Hong Kong office, reporting locally to APAC Head of Security and functionally to Global Product Security Lead.

We are in the process of establishing a global, innovative security team aimed at developing highly automated security operations processes and frameworks that can scale with the company's rapid growth. It means that you will have an opportunity to build from scratch, interact with various technologies, influence architecture, decide on specific technologies or tools, and work on new projects.

As the security team, our top priority is to ensure that our data and assets are safeguarded using controls, which do not disrupt the business, but act as an enabler. We work across many stakeholders in the company, including IT, Cloud and Engineering.
QRT runs a hybrid technology stack across multiple data centers, extending to various locations across the public cloud. The combination of on-premises and cloud allows us to achieve performance and low latency requirements, which are important for quantitative and systematic investments.

Some technologies we use on daily basis include: Amazon Web Services (AWS), Microsoft Azure, Okta, Splunk, Netskope, Palo Alto, Red Hat Enterprise Linux, Windows Server, Docker & Kubernetes.

Responsibilities:

• Build and lead the product security function in APAC, setting objectives, and overseeing the development and implementation of security controls and processes covering on-prem, exchange colocation and cloud infrastructure and business applications.
• Develop, implement and periodically review security design standards, frameworks, security reference architecture (security blueprints) and conduct updates/enhancements to guidance, policies, or other applicable reference materials.
• Collaborate with engineering and product teams to incorporate security considerations into product design and development
• Conduct threat modeling, and security code reviews to identify potential security issues
• Develop and maintain a secure software development lifecycle (SDLC) to ensure security is integrated at every stage
• Educate and train engineering and product teams on security awareness and best practices

Requirements:

• At least 10 years of experience in a product security / security engineering role, with at least 2 years in a leadership position.
• Deep understanding of security principles, techniques, and technologies related to software and product security.
• Experience with threat modeling, risk assessment, and the development of mitigation strategies.
• Strong technical background in software development and security, with proficiency in programming languages and security tools.
• In depth knowledge of application, network, cloud and platform security vulnerabilities.
• Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
• Ability to explain vulnerabilities to developers
• Excellent problem-solving, communication, and leadership skills.
• Ability to influence through factual reasoning.
• Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking.
• Ability to adjust communication of technology risks vs business risks based on the audience.
• Previous experience in Financial Services is preferred.

QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance.