SECURITY ENGINEER: INSURANCE at TWO SIGMA
Two Sigma Insurance Quantified (TSIQ) seeks to partner with leaders in the insurance industry by applying Two Sigma's core engineering, modeling and analytics capabilities. TSIQ works closely with its industry partners to deliver products and solutions, which lead to enhanced automation and data-driven decision making. Comprised of a diversified and growing team of highly skilled data scientists, engineers, and business professionals, TSIQ possesses the agility and innovation of a dynamic startup with the resources and long-term view of Two Sigma.
Two Sigma is a technology company dedicated to finding value in the world's data. Since its founding in 2001, Two Sigma has built an innovative platform that combines extraordinary computing power, vast amounts of information, and advanced data science to produce breakthroughs in investment management, insurance and related fields. Today, Two Sigma manages approximately $52+ billion in assets, employs more than 1,000 people and has offices in New York, Hong Kong, Houston and London.
The TSIQ Engineering team is made of multiple functional teams responsible for all the software components, services and cloud infrastructure that power the TSIQ Insurance platform (IQ OS)
TSIQ is looking to add a Security Engineer to its team as we develop IQ OS and work with our industry partners. Your core mission is to ensure that our services, applications, and infrastructure are designed and implemented to the highest security standards. You will have the opportunity to learn from, and be mentored by a growing security and engineering team whose mission is to use industry leading practices to secure our deployments.
● Engineer security controls and process in our applications, services, and cloud infrastructure
● Infrastructure and application security assessment
● Application and infrastructure design review and control recommendation
● Work with a variety of engineering and infrastructure teams to review and improve security controls
● Design, build, and improve all aspects of our secure engineering lifecycle
● Application Security testing using static and dynamic testing tools
● Perform code reviews on internal products and open source libraries
● Communicate security concepts and recommendations to engineers and enable them to write secure code
● BA/BS in Computer Science or related technical field, or equivalent experience.
● At least 3 years as a security engineer directly contributing to systems/services and supporting them in production.
● At least 2 years of experience with application security testing and review using modern static and dynamic testing tools
● Knowledge of common application security vulnerabilities and secure engineering practices to mitigate such attacks.
● Ability to read code in a wide variety of languages, discover security vulnerabilities with ease, and explain them to engineers in plain English
● Defensive experience in prioritizing security vulnerabilities, missing controls, and unknown systems
● At least 2 years working with common and industry standard cloud-native/cloud-friendly authentication mechanisms (SAML, OAuth, etc).
● At least 2+ years of exposure to service-oriented architecture for cloud-based services.
● Cloud security and architecture or related certifications
● Experience with modern programming languages.
● Familiarity with security issues in CI/CD
● Technical writing experience.
● Strong passion for security best practices and the ability to partner with other parts of the Engineering organization.