Lead Application Security Engineer

Job Title
Lead Application Security Engineer

Summary
We are seeking a highly skilled and experienced Lead Application Security Engineer to join our Global Information Security team. You will play a critical role in integrating security practices into every stage of our software development lifecycle ensuring we deliver secure compliant and high-performing applications aligning security posture with business objectives and meets industry standards.

A Career with Point72s Technology Team
As Point72 reimagines the future of investing our Technology group is constantly improving our companys IT infrastructure positioning us at the forefront of a rapidly evolving technology landscape. Were a team of experts experimenting discovering new ways to harness the power of open-source solutions and embracing enterprise agile methodology. We encourage professional development to ensure you bring innovative ideas to our products while satisfying your own intellectual curiosity.
Our Global Information Security teams mission is to ensure the development implementation and management of a comprehensive program that effectively protects the confidentiality integrity and availability of Point72 information assets. Our team is comprised of security professionals with expertise in a diverse portfolio of security disciplines.
What youll do
Collaborate with the DevOps team to design implement and manage a robust DevSecOps framework for our software development pipeline integrating security tools and processes into our CI/CD workflows to enhance the developer experience
Champion a security-first mindset within the development team promoting secure coding practices and providing guidance on secure development methodologies
Create security focused DevSecOps policies and standards and provide training and awareness to the development team
Develop Key Risk Indicators (KRIs) to track security posture across business lines measure progress and identify outliers
Implement and manage security testing tools and processes within the CI/CD pipeline including static application security testing (SAST) dynamic application security testing (DAST) software composition analysis (SCA) and open source security (OSS)
Work together with the DevOps team to automate security controls and compliance checks within the development pipeline ensuring adherence to industry best practices and regulatory requirements
Troubleshoot and resolve security issues throughout the software development lifecycle
Stay abreast of emerging security threats vulnerabilities and DevSecOps best practices to continuously improve our security posture

Whats required
7-10 years of experience in software development DevOps or security engineering with a strong focus on DevSecOps practices
Expertise in CI/CD tools such as GitHub Jenkins GitLab CI/CD Azure DevOps or similar
Proficiency in infrastructure-as-code tools like Terraform or CloudFormation
Strong scripting and automation skills using Python Bash or similar languages
Experience with security testing tools such as SonarQube SNYK Nessus Qualys or similar
Familiarity with containerization technologies like Docker and Kubernetes
Knowledge of security best practices for cloud environments (AWS Azure GCP)
Understanding of security frameworks and compliance standards such as NIST CSF ISO 27001 SOC 2
Excellent communication and collaboration skills with the ability to work effectively in a fast-paced agile environment
Strong problem-solving skills and a passion for continuous improvement in security practices
Commitment to the highest ethical standards

We take care of our people
We invest in our people their careers their health and their well-being. When you work here we provide:
- Fully-paid health care benefits
- Generous parental and family leave policies
- Volunteer opportunities
- Support for employee-led affinity groups representing women people of color and the LGBT community
- Mental and physical wellness programs
- Tuition assistance
- A 401(k) savings program with an employer match and more

About Point72
Point72 Asset Management is a global firm led by Steven Cohen that invests in multiple asset classes and strategies worldwide. Resting on more than a quarter-century of investing experience we seek to be the industrys premier asset manager through delivering superior risk-adjusted returns adhering to the highest ethical standards and offering the greatest opportunities to the industrys brightest talent. For more information visit annual base salary range for this role is $220000-$260000 (USD) which does not include discretionary bonus compensation or our comprehensive benefits package. Actual compensation offered to the successful candidate may vary from posted hiring range based upon geographic location work experience education and/or skill level among other things.