Talent.com
No longer accepting applications
Platform Security Engineering Lead

Platform Security Engineering Lead

Aquanowlondon, on, ca
30+ days ago
Job type
  • Full-time
Job description

Aquanow, a leading infrastructure and liquidity provider that provides institutional and enterprise application platforms for digital assets globally. This is a unique opportunity to work alongside a highly-experienced team and contribute to the development of a high-growth trading and technology company.

If you want to have your name in the success story of a globalizing company, we look forward to receiving your application to the winning Aquanow team!

About the Role :

We are seeking a seasoned Platform Security Engineer to lead all aspects of platform security. This is a senior role that blends both technical vision, leadership and a requirement for being hands-on in embedding security and resilience. The role requires excellent communication skills, the ability to drive and deliver a razor sharp path for improving Aquanow’s security posture across platforms and services.

What You’ll Do :

Security Engineering and Architecture

  • Development and review of security architecture for all platforms, services, APIs and CI / CD pipelines.
  • Lead and execute threat modelling efforts across the Engineering team.
  • Lead and perform security architecture reviews and ensure technical decisions are aligned with risks and engineering velocity.
  • Partner with Engineering and promote security practices such as hardening standards for applicable components, logging practices etc.
  • Work with the broader Security team, Engineering and GRC to tune, scale security tooling, automation and secure processes.
  • Design, review, and ensure security controls, including authentication / authorization, secret management, account takeover protection, and application layer threat detection.
  • Work closely with developers to code securely from the outset and address issues early during coding and testing phases. Ability to conduct in-depth security reviews of application code.
  • Enhance security tool accuracy and oversee vendor / open-source proof-of-concepts (PoVs).
  • Evangelize security culture through security champion program and technical developer-focused security training.

Strategic

  • Define and help execute a comprehensive platform security strategy that aligns with business, technology and product objectives.
  • Establish KPIs, OKRs and reporting mechanisms.
  • Guide Engineering teams in designing and integrating security aspects into Aquanow’s products, services, and software development lifecycle.
  • Help to continue to develop team and security service capabilities across the Security domains in close collaboration with the broader Security and GRC teams.

    • You’ll Need to Have :

  • 10+ years of experience working with AWS cloud architecture and application security with a strong software engineering foundation.
  • Expert understanding of mobile, web, cloud, container, and cryptographic technologies and security practices.
  • Offensive security minded with in-depth knowledge of current and emerging cyber threats, testing procedures, and their mitigations.
  • The ability to quickly and deeply learn new technology stacks and modern CI / CD pipelines, including Docker, Kubernetes, AWS, Node.js and gRPC.
  • Experience with Javascript, Typescript, and Node.js
  • Experience with Java and related toolchains
  • Experience with manual source code review, and embedding security to code in production environments.
  • Experience with deploying application security tools in the CI / CD pipeline
  • Relevant certifications (e.g. OSCP, OSWE, GWAPT, CISSP) are a plus.
  • Strong knowledge of security principles, best practices, and common vulnerabilities (e.g., OWASP Top 10)
  • Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.
  • Familiarity with CI / CD tools such as GitHub Actions, Jenkins or CircleCI.
  • Ability to work independently and problem solve.
  • Strong independent critical thinking with the capability to form, check and challenge opinions through knowledge sharing.
  • Skillful in assessing and managing security risks with a pragmatic solution-first approach.

    • The Interview Process :

  • Stage 1 : A 45-minute intro with the IT Security Lead
  • Stage 2 : A 60-minutes deep dive with the VP of Engineering
  • Stage 3 : A 45-minute video call with the CISO
  • Stage 4 : Potential for a short follow up video call
    • Create a job alert for this search

    Engineering Lead • london, on, ca