.The company:Capital Markets Gateway (CMG) is a financial technology firm that is modernizing the equity capital markets (ECM).
CMG connects investors and underwriters via a neutral platform that delivers integrated ECM data and analytics, transparency, and workflow efficiencies.
Providing a digital system of record for firm-wide deal activity, CMG helps clients make more timely, better-informed decisions.Launched in 2017 by a team of ECM practitioners, the CMG platform is currently relied upon by nearly 100 buy-side firms representing $20 trillion in AUM and 15 investment banks.
CMG's goal is to alleviate pain points resulting from disparate solutions, fragmented data, and frenzied communication.CMG's DataLab product solves for data analytics, while CMG's XC platform establishes connectivity between buy- and sell-side firms.Position Overview:CMG is seeking a proactive and highly skilled Senior Security Engineer focused on Cloud & DevSecOps to drive and elevate the security posture across our cloud infrastructure, applications, and DevOps practices.
This role merges the responsibilities of securing cloud environments and integrating security into development pipelines, ensuring the safety of both infrastructure and application code.
The successful candidate will collaborate closely with various teams, including Security, DevOps, and Engineering, to identify risks, implement security controls, and continuously improve security processes.
This is a hands-on role focused on cloud security architecture, application security, and security automation.Key Responsibilities:Cloud & Infrastructure SecurityDesign, implement, and evolve cloud security architecture strategies and frameworks across multi-cloud platforms (i.E., Azure and either AWS/GCP).Conduct risk assessments and secure cloud environments using Infrastructure as Code (IaC) tools like Terraform, ensuring compliance with security standards and policies.Partner with DevOps on cloud security initiatives, including network security, data protection, secure configurations, and encryption.Ensure cloud-native services are secured, such as identity management, storage, and compute resources, while ensuring adherence to regulatory and industry standards.Application Security & DevSecOpsIntegrate security best practices into the Software Development Life Cycle (SDLC), focusing on secure coding, dependency management, and continuous vulnerability scanning for languages such as .NET, JavaScript, and Python.Collaborate with development teams to establish security standards and enforce secure coding practices.Implement and maintain API security standards, including authentication, encryption, and secrets management.Ensure containerized applications are secured deployed via Kubernetes, managing both image security and runtime security risks.Perform threat modeling and risk assessments for both new and existing applications