Lead Application Security Engineer

A Career with Point72's Technology Group

As Point72 reimagines the future of investing, our Technology group is constantly improving our company's IT infrastructure, positioning us at the forefront of a rapidly evolving technology landscape. We're a team of experts experimenting, discovering new ways to harness the power of open-source solutions, and embracing enterprise agile methodology. We encourage professional development to ensure you bring innovative ideas to our products while satisfying your own intellectual curiosity.

Our Global Information Security team's mission is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of Point72 information assets. Our team is comprised of security professionals with expertise in a diverse portfolio of security disciplines.

What you'll do

Collaborate with the DevOps team to design, implement, and manage a robust DevSecOps framework for our software development pipeline, integrating security tools and processes into our CI/CD workflows to enhance the developer experience

Champion a security-first mindset within the development team, promoting secure coding practices and providing guidance on secure development methodologies

Create security focused DevSecOps policies and standards and provide training and awareness to the development team

Develop Key Risk Indicators (KRIs) to track security posture across business lines, measure progress and identify outliers

Implement and manage security testing tools and processes within the CI/CD pipeline, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and open source security (OSS)

Work together with the DevOps team to automate security controls and compliance checks within the development pipeline, ensuring adherence to industry best practices and regulatory requirements

Troubleshoot and resolve security issues throughout the software development lifecycle

Stay abreast of emerging security threats, vulnerabilities, and DevSecOps best practices to continuously improve our security posture

What's required

7-10 years of experience in software development, DevOps, or security engineering, with a strong focus on DevSecOps practices

Expertise in CI/CD tools such as GitHub, Jenkins, GitLab CI/CD, Azure DevOps, or similar

Proficiency in infrastructure-as-code tools like Terraform or CloudFormation

Strong scripting and automation skills using Python, Bash, or similar languages

Experience with security testing tools such as SonarQube, SNYK, Nessus, Qualys, or similar

Familiarity with containerization technologies like Docker and Kubernetes

Knowledge of security best practices for cloud environments (AWS, Azure, GCP)

Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2

Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment

Strong problem-solving skills and a passion for continuous improvement in security practices

Commitment to the highest ethical standards

We take care of our people

We invest in our people, their careers, their health, and their well-being. When you work here, we provide:

• Private Medical and Dental Insurances
• Generous parental and family leave policies
• Volunteer opportunities
• Support for employee-led affinity groups representing women, people of colour and the LGBQT+ community
• Mental and physical wellness programmes
• Tuition assistance
• Non-contributory pension and more

About Point72

Point72 Asset Management is a global firm led by Steven Cohen that invests in multiple asset classes and strategies worldwide. Resting on more than a quarter-century of investing experience, we seek to be the industry's premier asset manager through delivering superior risk-adjusted returns, adhering to the highest ethical standards, and offering the greatest opportunities to the industry's brightest talent. For more information, visit