Senior Security Engineer Cloud & DevSecOps in OAK'S LAB

Capital Markets Gateway LLC. (CMG) is a financial technology firm, uniquely focused on the equity capital markets (ECM), connecting investors and underwriters via a collaborative network. Launched in 2017 by a team of ECM practitioners, CMG has completed two successful fundraising rounds and is backed by a group of the world's most prestigious financial institutions such as Goldman Sachs, JPMorgan, UBS, and Barclays to name a few. The CMG platform is currently built upon by nearly 135 buy-side firms representing $40 trillion in assets under management and 17 global investment banks.

We are seeking a proactive and highly skilled Senior Security Engineer specializing in Cloud & DevSecOps to enhance our security posture across cloud infrastructure, applications, and development practices. This hands-on role focuses on securing cloud environments and integrating security into development pipelines.

Cloud & Infrastructure Security

• Design and implement cloud security architecture across multi-cloud platforms (Azure, AWS/GCP).
• Conduct risk assessments and secure environments using Infrastructure as Code (IaC) tools like Terraform.
• Collaborate with DevOps on initiatives related to network security, data protection, and secure configurations.

Application Security & DevSecOps

• Integrate security best practices into the Software Development Life Cycle (SDLC) for languages such as .NET, JavaScript, and Python.
• Work with development teams to enforce secure coding standards and maintain API security.
• Secure containerized applications deployed via Kubernetes and perform threat modeling for existing applications.
• Perform threat modeling and risk assessments for both new and existing applicationsImplement and maintain any required security audit trails and/or integrations into security monitoring apparatus

Security Automation & Compliance

• Develop policy-as-code frameworks and automate security testing in CI/CD pipelines using tools like GitHub Actions.
• Monitor vulnerabilities in cloud infrastructure and application environments through regular scans.
• Support compliance initiatives (e.g., SOC2) to ensure adherence to regulatory standards

Security Governance & Leadership

• Mentor engineers on security best practices across cloud and application domains.
• Serve as a subject matter expert in areas like identity management, encryption, and data loss prevention.
• Maintain security documentation and stay informed on emerging threats and technologies.

• C1 or C2 level English
• 7+ years of hands-on experience in information security, with a strong focus on cloud and application security
• 4+ years of experience securing cloud platforms (Azure preferred, AWS, GCP), including deep expertise with cloud-native security tools and Infrastructure as Code (Terraform)
• Proven track record securing application environments and integrating security into DevOps practices
• Strong understanding of API security, encryption, and secrets management in distributed cloud environments
• Hands-on experience with automation tools like Terraform and Ansible, and security-focused CI/CD pipelines
• Expertise in securing containerized environments (Docker, Kubernetes) and addressing vulnerabilities in container images and dependencies
• Strong knowledge of cryptography, key management and data protection best practices

Key Technologies

• CloudPlatforms: Azure (preferred), GCP, AWS
• Infrastructure-as-Code (IaC): Terraform
• Languages: .NET, JavaScript, Python, Bash, Powershell
• Containers: Docker, Kubernetes
• CI/CD Tools: GitHub
• Database: PostgreSQL
• Secrets Management: Key Vault
• Operating Systems: Linux, Windows, MacOS

• Strong ownership and initiative, with the ability to work independently in a fast-paced environment
• Excellent multitasking and prioritization skills, capable of handling complex, concurrent tasks
• Passion for security innovation, staying ahead of emerging threats, and continuously improving security processes
• Detail-oriented, ensuring thorough tracking of issues and resolutions

• 15 days of vacation
• Gym membership contribution
• Language courses
• Tech courses and conferences
• Top-of-the-line MacBook
• Potential trips to the USA
• Company team-building events
• Flexible working hours and the possibility to work from home