Senior Security Engineer
Description:
Company Background:
The LMAX Group is a global financial technology company which operates multiple institutional execution venues for FIAT and digital currency trading.Servicing brokers, funds, corporates, asset managers and banks, the LMAX Group delivers a unique vision for global FX and cryptocurrency trading - a transparent, neutral, level playing field for all market participants, regardless of status, size or activity levels.
The Role:
The Security Engineer plays a key role in the development, implementation, maintenance, and improvement of security controls and secure the architecture of networks and information systems at LMAX. As part of the Security team, you will be directly involved with securing and improving the architecture of our bleeding-edge low-latency trading platform, providing unparalleled trade execution speed to LMAX customers.Additionally, you will work with the wider technology teams to improve the security posture of our digital currency trading and custody solutions, both on-premises and in the cloud – not only the platform itself, but also how it interacts with the various blockchains, maintaining transaction confidentiality and integrity, and the availability of the trading environments for LMAX customers.
You will also contribute to the architecture and running of the systems underpinning LMAX technology, including (but not limited to):
•Test-driven continuous integration/delivery code pipelines;
•Standards-leading Public Key Infrastructure and Domain Name Services;
•Global DDoS mitigation and Web Application firewalls
•Systems and identities in multi-cloud environments
About You:
You are passionate about information technology, understand computer systems and networks to a high level and can work with a variety of operating systems and programming/scripting languages. Hands-on experience with IaC tools (Puppet/ Terraform) sets you apart from other candidates.
You have an inquisitive mindset, showing the ability to identify vulnerabilities at both technical and process levels, and to explain your findings to a non-technical audience.We encourage independent problem-solving, but also expect you to engage with your peers and work with them to break knowledge silos. You will initiate constructive discussions and propose solutions to any challenges encountered. Most importantly, you understand the necessity of harmonizing security endeavours with business goals.
Requirements:
Main Duties and Responsibilities
Core:
•Map attack paths and implement controls to manage associated risks.
•Create and maintain processes and procedures to demonstrate the effectiveness of security controls to auditors and regulators.
•Assist with maintaining the successful running of Security Operations, focusing on preventative and detective controls
•Contribute to the assurance of security to the business, specifically In relation to Identity and Access Management, and Asset Management
•Assist in the creation, maintenance, and delivery of cyber security education for colleagues.
Mainstream:
•Manage and maintain the security infrastructure.
•Review and fulfill security requests from the business for various services.
•Proactively investigate host, network, and log-based security events and respond to suspected compromises.
•Assess and grant role-based access in accordance with business requirements and risk assessments.
•Stay updated on recent security and technology changes to ensure optimal protection for the business.
Once more advanced in the role:
•Manage and maintain the security infrastructure.
•Collaborate with the business to incorporate security into applications and company culture.
•Research and evaluate technologies to mitigate cyber security threats.
•Lead major security incidents and investigations.
•Perform penetration testing and ethical hacking activities.
•Penetration test and enhance internal FIAT and cryptocurrency custodian processes and procedures.
•Monitor and investigate activities on the dark web.
•Maintain high visibility into the LMAX estate for security events, while minimizing false positives.
Success Looks Like:
•Ensure compliance with security best practices in network operations, system management, and processes.
•Support the successful completion of internal and third-party led audit efforts.
•Increased signal-to-noise security events ratio
•A measurable decrease in the number of user-facing security incidents.
•Demonstrate rapid response capabilities during attacks and provide clear reporting to management.
•Receive positive feedback from technology teams and other business stakeholders.