Senior Security Engineer

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology and trading expertise has shaped QRT’s collaborative mindset which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. 

As a Senior Security Engineer, you will help define and raise the security bar for applications and services across QRT. Working closely with engineering teams, you will conduct security assessments, review system designs, identify vulnerabilities, and drive security best practices across the software development lifecycle. You will propose pragmatic mitigations and help ensure services are secure and resilient before launch. This role offers exposure to the full breadth of QRT's technology landscape, from cloud platforms to low-latency trading infrastructure.

• Conduct security design reviews for new and existing product, evaluating architecture documents, threat models, and system designs for potential security risks. 
• Conduct threat modelling to identify attack vectors, security risks, and areas of concern in product design, so that security is built in at every stage of the development lifecycle. 
• Partner with engineering and product teams to embed security into product design and development, drawing on your experience securing large‑scale software systems. 
• Document, track, and communicate security findings to engineering teams with clear remediation guidance, verify fixes, and advise development teams on secure coding practices. 
• Implement security controls and processes for product security, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments. 
• Build and maintain a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java. 
• Mentor, guide, and train on security best practices and secure development processes to engineering teams working in mixed cloud services and operating systems environments. 
• Integrate security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime delivering continuous monitoring and threat detection across cloud services and on-prem systems. 
• Identify security risks and shape strategies for risk mitigation in a fast-paced high-stakes environment. 

• 5+ years hands-on in product or application security, securing software development across large engineering organisations. 
• Deep knowledge of the security principles, attack surface, and remediation patterns for cloud platforms, SaaS tooling, and internal applications. Reasons about threats and risks in terms of real impact, not abstract severity scores. 
• Finds vulnerabilities in infrastructure and application code, then produces proofs of concept that demonstrate risk, not just severity. 
• Extensive hands-on experience with AWS and a clear grasp of the security boundaries of a hybrid environment with on-premises infrastructure. 
• Read code fluently. Python, C++, Rust, Go, or Kotlin/Java: the language matters less than the ability to spot what is unsafe and suggest a safer pattern. 
• Leads threat modelling sessions and turns the output into actionable mitigations for large-scale, complex systems in a trading environment. 
• Communicate clearly, solve problems rigorously, and adapt under pressure. 
• Familiarity with trading financial systems is a plus. 

QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance.