G-Research is Europe’s leading quantitative finance research firm. We hire the brightest minds in the world to tackle some of the biggest questions in finance. We pair this expertise with machine learning, big data, and some of the most advanced technology available to predict movements in financial markets.
Software Engineering is core to our business. By designing and implementing real-time systems, our engineers are solving some of the world’s most complex financial problems.
Security of in-house software is central to the business’ goals. We don’t want privilege escalations, buffer overflows, or bad API inputs to compromise the integrity or security of our systems or data.
We believe every engineer should have the tools at their disposal to make smart security decisions as far left in the development lifecycle as possible – while writing code, during compilation, and while deploying. Productivity of our delivery teams is critical, and security tooling must be seamlessly integrated with our engineers’ existing processes wherever possible.
We also believe that our security controls should be tested regularly via automation, to provide continuous assurance to our compliance teams about the security and risk level of our software.
Ensuring that engineers in G-Research have everything they need to meet these commitments is the responsibility of our DevSecOps Tooling team.
In this team, your key responsibilities will be:
- Trialling, adopting, developing, and running security tooling such as:
- Fuzz testing frameworks
- Security risk metric + analysis
- Dynamic and Static Application Security Testing (DAST and SAST) tools
- Creating security capabilities that support other engineering teams, such as:
- Integrity validation tooling for deployment pipelines
- Configuration analysis tooling
- Defining demonstrating and driving the adoption of an efficient and effective secure software development lifecycle, for example:
- Security-focused unit testing
- Security-focused automated integration testing
- Policies for Open Source and third party software usage
- Building a security testing framework, to allow aggregation of automated security testing results from across G-Research
- Working with our infrastructure teams to integrate security testing into the environments and platforms that we build
Who are we looking for?
You will be a confident, highly competent individual with extensive experience in software development or infrastructure automation. An interest in computer security is required; prior experience is not necessary but is advantageous. The candidate should be willing to cross-train to develop their security expertise and this role offers exceptional opportunities for skills and career development.
The ideal candidate will:
- Have ability to understand complex software architectures, computer science fundamentals and data structures
- Enjoy collaborating with your software engineering colleagues to solve technical problems and drive continuous improvement
- Be passionate about seeking out and learning new technologies and processes to improve the Software Development Lifecycle
- Possess excellent programming or Infrastructure-as-Code skills – maybe you know C# or Java or are willing to cross train from a similar language. Maybe you’re a Python guru, or maybe you know Ansible, Terraform and Jenkins scripting inside out
- Have good communication skills – the successful candidate will act as a conduit between the information security team and the other software teams within the business
- Have strong academics – good A-level (or equivalent) results combined with a 2.1 or better from a top university in a relevant subject area
Desirable knowledge and skills:
- Experience using security tooling, ideally Open Source, in areas such as fuzz testing, DAST, SAST
- Experienced using modern development practices in a team setting
- Agile, Continuous Delivery, TDD, BDD.
- Cloud and container platform experience such as OpenStack, Kubernetes, Azure or AWS
Why should you apply?
- Highly competitive compensation plus annual discretionary bonus
- Informal dress code and excellent work/life balance
- Comprehensive healthcare and life assurance
- 25 days holiday
- 9% contributory pension scheme
- Cycle-to-work scheme
- Subsidised gym membership
- Monthly company events
- Central London office close to 5 stations and 6 tube lines