Cybersecurity Engineer
Hermeneutic Investments London, United Kingdom
We are a rapidly growing crypto hedge fund, 2 years old, managing a 9-figure AUM, generating 200%+ annualized returns with a 4 Sharpe. We've grown to a team of ~40 across Trading & Research, Tech, and Operations.
About the Role
We are looking for a Cybersecurity Engineer who can help us implement controls across the various environments we manage and fortify our security posture internally. Reporting to the digital security lead.
This is an opportunity:
* To take up an operational cybersecurity role at one of the fastest growing hedge funds in the digital asset space.
* To work in a dynamic environment.
We don’t micro-manage, and as such, we are looking for a self-starter that can get the ball rolling on their own with minimal guidance on assigned tasks.
We work with new technologies and try to adopt future-proof technology that protects our employees without them needing to concern themselves with it as much as we can. Security should be at most times transparent and simple to use and manage.
What You Will Be Doing
As our Cybersecurity Engineer, you'll be working with other tech teams and overseeing, implementing, and managing security controls across various cloud and physical assets in the company, as well as in-house developed applications and platforms.
* Work with vendors on aligning security requirements to current best practices and our internal requirements.
* Conduct internal audits for our own platform, access reviews, third party alignment, and documentation of controls.
* Research and understand current best practices and their application to our environment and dealings.
Examples of activities you will partake in and learn how to:
* Security incident response and management.
* Threat modeling and risk assessments.
* Security awareness training development/delivery.
* Vulnerability management and penetration testing coordination.
* Security architecture design and review.
* Compliance monitoring and reporting.
* Security policies and procedures development.
Requirements
Must Have
* 3+ years in one or more of the following cybersecurity domains: audit, appsec, devsecops, systems engineering.
* Understanding of cloud computing and cloud security.
* Experience with ZeroTrust networking and architecture.
* Worked with various security tools - Secret managers, SIEM, MDM, EDR, API gateways.
* SSDLC hands-on experience with at least two of the following: Python, C++, Node, React, Svelte.
* CI/CD pipeline experiences with Github and IaC (Infrastructure as Code).
Nice to Have
* Understanding of cybersecurity frameworks - NIST CSF 2.0, CMMC.
* Third-Party auditing and risk understanding.
* DevSecOps background.
* Understanding of IAM and how to work with it.
* Hands-on experience with Linux and AWS.
* Implementation of CIS hardening guidelines on a variety of systems.
* Incident management and response experience.
Interview Process
* Cultural fit interview with our partner.
* Use case presentation.
* Personal interview.
* Additional rounds may be conducted as necessary with other team members or our partners.
Throughout the process, you'll be assessed for cultural fit through our company values:
* Drive - We believe the best team members are passionate about what they do, and that propels them to greater heights in their career.
* Ownership - We aim to give ownership interest to as many people in the firm as possible, but in return, we expect everyone to act like owners.
* Judgement - We look for team members who consistently look at the big picture and spend their time on the activities that most drive PnL.
* Openness - We want a culture where we proactively share information with one another and challenge each other with constructive debate to reach the truth.
* Competence - We value people with high intellectual horsepower.
#J-18808-Ljbffr