Senior Security Engineer

Verition Fund Management LLC (“Verition”) is a multi-strategy, multi-manager hedge fund founded in 2008.  Verition focuses on global investment strategies including Global Credit, Global Convertible, Volatility & Capital Structure Arbitrage, Event-Driven Investing, Equity Long/Short & Capital Markets Trading, and Global Quantitative Trading.

We are seeking a highly skilled and proactive Senior Security Engineer to focus primarily on Application Security (AppSec) and Cloud Security (CloudSec) initiatives, while also contributing across broader information security areas. This role will report directly to the Head of Information Security and work closely with senior security engineers and key technology stakeholders across the firm. The successful candidate will lead efforts to enhance the security posture of Verition's applications, APIs, cloud infrastructure, and DevOps pipelines, and assist with general security initiatives such as vulnerability management, incident response, and security projects.

Responsibilities:

• Lead and mature Verition's application security program, including secure SDLC integration, code review processes, and developer training.
• Perform threat modeling, security architecture reviews, and code assessments for internally developed and third-party applications, with a strong focus on securing financial applications.
• Contribute to security architecture design and reviews across infrastructure and application initiatives.
• Manage and improve cloud security posture across platforms like AWS and SaaS applications (O365, ServiceNow, etc.).
• Utilize Verition’s in-house Black Duck suite (SAST, DAST, SCA) for application security and component vulnerability management.
• Develop security standards for cloud infrastructure, including IAM, encryption, logging/monitoring, and network security controls.
• Partner with DevOps and Infrastructure teams to integrate security best practices into CI/CD pipelines and configuration management.
• Drive remediation of identified application and cloud security vulnerabilities in collaboration with Engineering and Infrastructure teams.
• Support broader security initiatives such as vulnerability management, incident response, and security hardening projects.
• Participate in an on-call rotation to support critical security incidents.
• Exhibit extreme ownership and high accountability, proactively identifying and addressing risks.
• Operate with agility and urgency in a fast-paced hedge fund environment where responsiveness is critical.
• Demonstrate a service-oriented mindset with a commitment to supporting internal customers and stakeholders.
• Collaborate effectively across teams and foster a positive, high-performance culture within Information Security.
• Assist in maintaining compliance with applicable regulatory and internal security standards.
• Develop and deliver security awareness initiatives focused on application and cloud risks.

Qualifications:

• 7+ years of experience in Information Security, with a strong focus on Application Security and Cloud Security.
• Strong experience securing business-critical and financial applications.
• Experience with Security Architecture principles and applying them in enterprise environments.
• Hands-on experience with application security toolsets including Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST), preferably using the Black Duck suite.
• Deep knowledge of OWASP Top Ten, threat modeling, secure coding practices, and common attack vectors.
• Hands-on experience securing AWS environments and SaaS platforms.
• Familiarity with DevSecOps concepts, infrastructure-as-code (Terraform, CloudFormation), and CI/CD security controls.
• Experience performing vulnerability assessments and penetration testing techniques.
• Strong understanding of identity and access management (IAM) and OAuth/OIDC authentication flows.
• Proficiency with programming languages such as Python, Java, and C++.
• Experience with container security best practices (Docker/Kubernetes).
• Service-oriented mindset with excellent collaboration skills.
• Industry certifications such as CISSP, CSSLP, CCSP, or AWS Security Specialty preferred.
• Excellent communication skills with the ability to translate technical risks to business leaders.
• High ownership mentality, attention to detail, ability to perform under pressure, and a commitment to continuous improvement.