Lead Application Security Engineer

Full-time
Paris
A few days at home
Salary: Not specified
Experience: > 10 years
Education: Bachelor's degree

Capital Fund Management

Position

Job description

 

ABOUT CFM


Founded in 1991, we are a global quantitative and systematic asset management firm applying a scientific approach to finance to develop alternative investment strategies that create value for our clients.
We value innovation, dedication, collaboration, and the ability to make an impact. Together, we create a stimulating environment for talented and passionate experts in research, technology, and business to explore new ideas and challenge existing assumptions.

 

ABOUT THE ROLE

 

Are you passionate about application security and ready to serve as a subject matter expert in both application security and DevSecOps? In this role, you’ll be instrumental in protecting our low-latency processing systems and trading platforms across diverse environments. Reporting directly to the Group’s CISO, you will work collaboratively with development, infrastructure, and operations teams to embed security into every phase of our software development lifecycle. 

 


Overview & Key Responsibilities:

 

 

  • Serve as the internal point of reference and Subject Matter Expert for application security and DevSecOps practices. 
  • Advise on best practices and long-term strategy for secure automation, ensuring security is integrated at all stages—from design and development to deployment and operations. 
  • Lead the development and implementation of robust security controls in our CI/CD pipeline, including automated testing, compliance checks, and vulnerability management. 
  • Collaborate with cross-functional teams (software developers, infrastructure engineers, and security officers) to ensure all solutions follow secure coding practices and meet industry standards (e.g., ISO 27001, NIST CSF, SOC 2). 
  • Conduct comprehensive design reviews, threat modeling, and architecture assessments to proactively identify and mitigate security risks in new and existing solutions. 
  • Establish and enforce policies for encryption, authentication (both human and machine), access control (role- and attribute-based), secret management, and secure configurations in cloud (AWS, GCP, or Azure) as well as on-premises environments. 
  • Champion Infrastructure as Code (IaC) practices by integrating security checks into automated deployment processes using tools such as Terraform, CloudFormation, or Ansible. 
  • Develop, monitor, and report Key Risk Indicators (KRIs) to track security performance and drive continuous improvement. 
  • Provide leadership and training—both informally and through scheduled workshops—to upskill teams on secure development practices, DevSecOps tools, and emerging industry trends. 

 

 


Preferred experience

Profile description:

Minimum Qualifications:

 

  • Bachelor’s degree (or equivalent practical experience) in Computer Science, Information Security, or a related field. 
  • A minimum of 5 years of hands-on experience in application security, with proven expertise securing modern architectures—including cloud environments, containerized applications, serverless platforms, APIs, and traditional on-premises systems. 
  • Demonstrable experience implementing and managing secure CI/CD pipelines and integrating DevSecOps practices. 
  • Proficiency in Linux environments, networking protocols (TCP/IP, UDP, HTTP, HTTPS), and microservices architectures. 
  • Strong coding skills in at least one modern language (e.g., Python) with the ability to read, analyze, and communicate code vulnerabilities to both technical and non-technical audiences. 
  • Familiarity with common security frameworks and methodologies (e.g., OWASP Top 10, NIST SSDF) and hands-on experience with security testing tools (e.g., DAST, SAST, …). 
  • Excellent written and verbal communication skills, with proven ability to transform complex technical concepts into clear business and security recommendations. 

 
Preferred Qualifications:

 

  • An advanced certification such as Certified Secure Software Lifecycle Professional (CSSLP) is highly desirable. 
  • Experience with penetration testing, threat modeling, and conducting comprehensive security assessments and audits. 
  • Demonstrated expertise in cloud security across AWS, GCP, or Azure, and extensive experience securing on-premises systems to ensure a cohesive security posture across all environments. 
  • Strong background in implementing and managing Infrastructure as Code (IaC) and automation tools (e.g., Terraform, Ansible, CloudFormation). 
  • Proven ability to mentor cross-functional teams, drive a culture of continuous security improvement, and lead innovative security initiatives. 

 

 



We offer:

EQUAL OPPORTUNITIES STATEMENT


We are continuously striving to be an equal opportunity employer and we prohibit any discrimination based on sex, disability, origin, sexual orientation, gender identity, age, race, or religion. We believe that our diversity, breadth of experience, and multiple points of view are among the leading factors in our success.
CFM is a signatory of the Women Empowerment Principles.

 

FOLLOW US


Follow us on Twitter or LinkedIn or visit our website to find out more about CFM.

 
