Application Security Expert Lead

Paris, 75, FR

 

ABOUT CFM


Founded in 1991, we are a global quantitative and systematic asset management firm applying a scientific approach to finance to develop alternative investment strategies that create value for our clients.
We value innovation, dedication, collaboration, and the ability to make an impact. Together, we create a stimulating environment for talented and passionate experts in research, technology, and business to explore new ideas and challenge existing assumptions.

 

Are you passionate about application security? Would you like to play a key role in protecting our low-latency processing systems on several continents? We're talking about petabytes of data (our datacentres and the Cloud)!

We're offering you the chance to join our Information Security team as an Application Security Expert Lead. You'll report directly to the Group's CISO and work closely with the development and operations teams in charge of our trading platforms.

 

Here are a few examples of your responsibilities:

  • You will be the internal point of reference for your area of responsibility: your monitoring of best practice and emerging threats will enable you to make proposals for continuous improvement, from design to deployment and management of updates.
  • You will ensure that our software deployment and change management policy is applied, and maintain guidelines and standards for encryption, authentication (human or machine), role- and attribute-based access control, secret management, design review, architecture assessments, etc.
  • You will implement security controls in our CI/CD pipeline.
  • You will work with the teams to ensure secure coding practices, raise awareness of software and component dependency issues, carry out static and dynamic code tests and manage vulnerabilities.


SKILLS

  • You have at least 3 years' higher education in computing, information security or a related field.
  • You have at least 5 years' experience in application security.
  • You are familiar with securing on-premise and Cloud IT architectures: n-tiers, middleware and databases.
  • You are familiar with the most common types of vulnerability (such as OWASP Top 10).
  • You have in-depth knowledge of a security framework such as SSDF.
  • You have a good knowledge of security tools in a CI/CD process.
  • You are able to read, understand and write code, preferably in Python.
  • You have at least a working level of written and spoken English.

 

 

 

EQUAL OPPORTUNITIES STATEMENT


We are continuously striving to be an equal opportunity employer and we prohibit any discrimination based on sex, disability, origin, sexual orientation, gender identity, age, race, or religion. We believe that our diversity, breadth of experience, and multiple points of view are among the leading factors in our success.
CFM is a signatory of the Women Empowerment Principles.
 

FOLLOW US


Follow us on Twitter or LinkedIn or visit our website to find out more about CFM.