Senior Cyber Security Engineer

Company Overview Arrowstreet Capital is a Boston–based systematic investment firm that manages global equity portfolios for institutional investors around the world. Our firm manages approximately $152 billion for over 232 client relationships. Job Overview This position is a lead technical role within the Cyber Security team. This role will contribute to enhancing our current cyber security program. This role will work closely with the head of Cyber security around the identification, management and treatment of cyber security risk, as they relate to sensitive applications and data. Responsibilities Mature and expand DLP program, including all operational activities and workflows, partnering with compliance and business teams to effectively protect sensitive data Work closely with IT and Development leads to identify and implement technologies and processes required to enable and continuously mature program effectiveness across the enterprise Work on enhancing vendor management program, reviewing 3rd party control controls and making recommendations based on Vendors current security posture Support Legal and Compliance to respond to Regulatory requests and ensure controls meet current requirements Understand emerging threats, recommend remediation steps required to mitigate current threat landscape Performing application, vendor, and cloud security reviews and supporting system vulnerability assessments. Defining cyber security governance and control strategies for emerging technologies Defining and driving the implementation of technology requirements for the application development community to proactively integrate security requirements as part of software development life cycle Contribute to the development and improvement of security monitoring and incident response processes and solutions as required to support our cyber security program. Qualifications Understanding of MITRE ATT&CK framework TTP's Experience supporting security application development initiatives requiring innovation, automation, and integration Experience in designing and implementing Identity and Access Management systems Experience threat intelligence reports and feeds, designs remediation for profile or toolset changes based on reviews Experience interpreting security and information protection policies into executable requirements and technical solutions Experience in security engineering principles involving application security, security testing, communications / network security, and other areas of cyber security Ability to manage the evaluation and implementation security controls as they relate emerging technologies Understanding / proficiency in applications, containerization, APIs, web services Experience in the following technologies – SIEMs, WAFs, IDS/IPS, anti–malware, EDR, secure cloud access, vulnerability scanning platforms, FIM, DLP, and encryption Programming and scripting skills would ideally include one or more of the following: C#, Python, Ruby, PowerShell or Bash Collaboration, prioritization, and adaptability skills required Ability to work in a lead roles well as work independently Successful experience interacting with internal customers and project co–workers Knowledge of regulation and standards compliance We maintain a friendly, team–oriented environment and place a high value on professionalism, attitude and initiative.