Vice President - Security Engineer
About AQR Capital Management
AQR is a global investment management firm built at the intersection of financial theory and practical application. We strive to deliver superior, long-term results for our clients by seeking to filter out market noise to identify and isolate what matters most, and by developing ideas that stand up to rigorous testing. Underpinning this philosophy is an unrelenting commitment to excellence in technology — powering our insights and analysis. This unique combination has made us leaders in alternative and traditional strategies since 1998.
AQR takes a systematic, research-driven approach, applying quantitative tools to process fundamental information and manage risk. Our clients include institutional investors, such as pension funds, insurance companies, endowments, foundations and sovereign wealth funds, as well as financial advisors.
AQR is seeking a Senior Security Engineer who will partner with senior application development leads to build secure cloud-based applications in AWS under the purview of a secure software development lifecycle. The Senior Security Engineer has a proven track record of embedding security in the scope of application developer responsibilities and empowering them to build secure applications from the outset.
This role will require detailed understanding of application security threats including but not limited to misconfiguration of application setup, unauthorized access, insecure APIs and interfaces, and other common threat vectors. The Senior Security Engineer will also be responsible for mentoring and coaching junior security engineering professionals focused on implementing and operating security technologies.
We are looking for a Senior Security Engineer who is passionate about:
- Partnering as a technical security engineering expert alongside application development leads
- Evangelizing DevSecOps principles that focus on fully integrating security into the continuous integration (CI) and continuous delivery (CD) pipelines for automated deployment
- Designing application security solutions that leverage AWS services
- Providing deep application security knowledge with respect to cloud native applications
- Advising and implementing AWS cloud security best practices (e.g., SecurityHub)
- Working as both an infrastructure security and application security specialist
- Experience (10+ years) in engineering highly technical security infrastructure environments, preferably in Financial Services or related verticals with regulatory requirements
- Experience (7+ years) in implementing security engineering projects in Amazon Web Services (AWS) with an emphasis on application security design and principles
- BS level technical degree or equivalent experience; Computer Science or Engineering background preferred; Master’s Degree preferred
- Strong verbal and written communication skills, with the ability to partner with senior application development leads
- Extensive experience with application security and secure software development lifecycle (S-SDLC)
- Extensive experience in application security assessment tools, e.g., JFROG X-Ray, Fortify, etc.
- Proficiency in Integrated Development Environments (IDEs) and performing secure code reviews
- Proficiency with Infrastructure as Code, specifically, AWS CloudFormation and/or other configuration-as-code tools such as Ansible or Terraform
- Experience with container security for cloud compute, e.g., Docker
- Experience with AWS IAM policy and authentication and authorization technologies in the AWS cloud environment
- Understanding of OWASP application security standards and best practices
- Understanding of firewall, proxy, networking, and data protection technologies
- Experience with deployment methodologies and DevSecOps principles
- Understanding Git as source code control and part of a deployment pipeline
- Experience with hands on programming and scripting skills
- Experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF
- Earned Cloud Architecture and/or Cloud Security Certifications (AWS, Azure) and/or Cloud Security Alliance certifications (CCSP, CCSK) (ISC)2
- Earned the Offensive Security Certified Professional (OSCP) certification
Life at AQR
AQR offers generous benefits: 100% paid Medical, Dental and Vision coverage. Perks include health and wellness allowances, meditation programs, onsite breakfasts and lunches and stocked kitchens with seasonal treats.
Employees participate in a range of connectivity and community building events & experiences the firm offers: Book Clubs, Research Colloquiums, baseball outings, Star Wars premiere, our Food Truck Social and volunteer opportunities.
Learning & Development
QUANTA, the firm's learning and development program, offers both professional and personal growth opportunities through 350+ classes per year.