
Qube Research & Technologies · London
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a ...
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset
classes across the world. We are a technology- and data-driven group implementing a scientific approach to investing. Combining
data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex
challenges. QRT’s culture of innovation continuously drives our ambition to deliver high-quality returns for our investors.
You will join the Security team, working closely with Software Engineers and Infrastructure teams to embed security into the
design, development, and operation of systems across cloud services, business applications, and core infrastructure.
Your Future Role within QRT
applications on Windows and Linux platforms
for fast-moving environments
C++, Rust, Go, and Kotlin/Java
runtime environments
Your Present Skillset
applications
QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and
respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to
enable employees achieve a healthy work-life balance.
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology and trading expertise has shaped QRT’s collaborative mindset which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. Your future role within QRT QRT is hiring a Senior Product Security Engineer to protect diverse tech systems across cloud, business apps, and core infrastructure. In this role, you’ll drive automated security processes, influence architecture, and lead strategic security projects. Working closely with IT, cloud, and engineering teams, you'll implement security solutions for low-latency systems and multi-cloud platforms, including AWS, Azure, and Alibaba Cloud. You'll also secure hybrid infrastructures across Python, C++, and Kotlin/Java environments, ensuring robust protection that supports QRT’s high-speed, data-driven operations. * Support the implementation of security controls and processes for product security, focusing on a broad range of systems, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments. * Collaborate with engineering and product teams to integrate security into product design and development, applying your experience in securing large-scale software systems in a fast-moving environment. * Contribute to the development and maintenance of a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java. * Conduct threat modeling, vulnerability assessments and security code reviews across different platforms, ensuring security is embedded at every stage of the development lifecycle. * Provide mentorship, guidance, and training on security best practices and secure development processes to engineering teams working in mixed cloud and operating systems environments. * Perform vendor security reviews to assess third-party security practices and ensure compliance with QRT’s standards. * Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and on-prem systems. * Proactively identify security risks and develop strategies for risk mitigation in a fast-paced high-stakes environment. Your present skillset * At least 7 years of experience in product security or similar roles with significant practical experience in securing software development at scale. * Proven record of accomplishment in secure coding practices and development experience in development languages such as Python, C++, Rust, Go and Kotlin/Java. * Strong technical background in software development, system architecture and security tools. * Strong understanding of security principles, techniques and technologies related to software and product security, cloud platforms and business applications. Knowledge of low-latency financial systems would be an advantage. * Experience working with and securing both Windows and Linux-based systems. * Extensive experience with one or more cloud platforms such as AWS, Microsoft Azure and Alibaba Cloud used in a hybrid environment. * In-depth knowledge of threat modeling, risk assessment and development of mitigation strategies for large-scale, complex systems in a fast-paced environment. * Experience integrating security scanning tools into CI/CD pipelines and runtime environments. * Experience conducting vendor security reviews and managing third-party security assessments. * Excellent leadership, problem-solving, communication and adaptability skills, suited for a senior-level position in a fast-paced environment. QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance.
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. The Security Assurance team is responsible for identifying, assessing, and validating security risks across QRT’s technology environment. The team works closely with Security Engineers, Software Engineers, Infrastructure Engineers, Cloud Engineers, and Technology stakeholders to evaluate the effectiveness of security controls and strengthen the firm's overall security posture through adversarial testing and assurance activities. Your Future Role within QRT You will: * Conduct internal penetration testing across a wide range of systems, including trading infrastructure, cloud platforms, APIs, and business applications in both Windows and Linux environments. * Perform red team-style assessments and adversarial simulations to identify weaknesses in detection, response, and resilience capabilities. * Design and execute security assurance strategies to validate the effectiveness of security controls across applications, infrastructure, and cloud environments. * Coordinate external penetration testing engagements with third-party security vendors, including scoping, execution oversight, validation of findings, and remediation tracking across cloud, infrastructure, and application environments. * Identify, exploit, and clearly document vulnerabilities, providing actionable remediation guidance tailored to engineering teams. * Collaborate with product security and development teams to ensure vulnerabilities are properly remediated. * Support threat modelling exercises by providing an attacker’s perspective on system design and architecture. * Develop and maintain tooling, scripts, and frameworks to automate testing and improve coverage of security assessments. * Contribute to continuous security testing within CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls. * Conduct security reviews of internal and third-party systems, validating real-world exploitability of identified risks. * Provide mentorship and training to engineers on common attack vectors, exploitation techniques, and secure design principles. * Stay current with emerging threats, vulnerabilities, and offensive security techniques relevant to financial systems and low-latency environments. Your present skillset: * 5+ years of experience in penetration testing, red teaming, or security assurance roles, with hands-on experience testing complex, large-scale systems. * Strong practical knowledge of offensive security techniques, including web application, API, network, and cloud exploitation. * Solid understanding of system internals, networking, and common vulnerability classes, including OWASP Top 10, logic flaws, authentication and authorisation issues, and race conditions. * Familiarity with both Windows and Linux environments from an attacker’s perspective. * Experience using standard penetration testing tools such as Burp Suite, Metasploit, Nmap, BloodHound, and similar offensive security tooling. * Ability to assess the real-world impact of vulnerabilities and prioritise risks in a high-stakes environment. * Ability to clearly document findings, explain exploitability, and provide practical remediation guidance to engineering and infrastructure teams. * Strong communication skills, with the ability to clearly articulate technical risks and remediation strategies to engineering stakeholders. * Ability to operate independently, manage multiple assessments, and provide senior-level technical judgement during security assurance activities. * Preferred: * Experience testing applications and services developed in languages such as Python, C++, Rust, Go, and Kotlin/Java. * Experience with cloud security testing across AWS or Azure, including IAM, network configuration, storage, managed services, and common cloud misconfigurations. * Experience developing custom penetration testing tools, automation, scripts, exploits, or fuzzers. * Experience integrating security testing into CI/CD pipelines or supporting continuous assurance practices. * Understanding of detection and response mechanisms, with the ability to evaluate or bypass them during controlled testing. * Experience conducting red team exercises, adversary simulations, or purple team engagements. * Experience with containerised environments, Kubernetes, infrastructure-as-code, or hybrid cloud infrastructure. * Knowledge of low-latency systems, financial trading environments, or high-performance distributed systems. * Relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, CCT INF, or equivalent practical experience. QRT is an equal opportunity employer. We value diversity as essential to our success and are committed to creating an environment where employees can work openly, respectfully, and collaboratively. In addition to supporting professional achievement, QRT offers initiatives and programmes designed to help employees maintain a healthy work-life balance.
ABOUT COMMERCETOOLS Real innovation starts with a strong foundation, and at commercetools, that comes from the perfect balance of our product and our people. Behind every leap forward is a collective of builders, explorers, doers, makers, and problem-solvers. The kind of people who not only pioneered a more flexible approach to commerce architecture but also shaped the culture of experimentation that approach unlocked. Together they are the engine of commerce innovation today. At commercetools, we power the next era of commerce for our customers. Whether it’s AI-driven solutions that help enterprises make smarter business decisions, bridging digital and physical shopping experiences, or enabling entirely new ways for industries to connect with their customers, we help the world’s most ambitious companies experiment, scale, and grow without limits. Here the best idea wins, not the loudest voice. You will have the tools, trust, and space to not only build the future of commerce, but to build your own. YOUR IMPACT As our Principal Engineer Product Security , you’ll support the Engineering team by solving challenging technical problems for an ambitious product and enabling teams to "shift left" to build secure services on multi-cloud infrastructure. You will: * Formulate, evangelise, and drive adoption of the product security strategy * Assess, advise on, and increase the security maturity posture * Create a standardised security architecture and operational best practices * Help track and drive remediation of security and technology risks * Educate product teams on risk assessments, threat modelling, and building secure api-first applications * Review requirements and designs to help product teams address shortcomings * Embed security tooling into the development process * Contribute to the review of external penetration tests and help teams prioritise fixes * Collaborate with product teams to improve overall security and resolve specific issues * Facilitate or lead customer conversations regarding product security * Triage and investigate new attack vectors to determine risk mitigation * Drive security and quality initiatives across the organization and support certification audits * Collaborate with Product Management, Principal Engineers, and legal/compliance teams * Identify skills gaps and facilitate knowledge sharing across the organization This role is hybrid, with three days a week spent in our Berlin, London or Valencia office. WHAT SETS YOU APART You're a creative problem-solver who is wired to find solutions. You confidently dive into complex challenges and have a talent for making them simple for others. Your curiosity drives you to constantly grow and contribute to an environment of trust and teamwork. Great ideas come from many paths, and your unique perspective matters more than checking every box. What matters most is the mindset you bring to the work. You bring: * A strong technical background and 5+ years of proven track record in hands-on Product Security * 2+ years of experience improving Product Security in a leadership role * Experience with customer-facing security roles and influencing roadmaps in matrix organizations * Experience in a scale-up environment with ambitious and competing priorities * Expertise in formulating, elaborating, and clarifying requirements or priorities * Experience with Secure Architecture design reviews and Threat Modeling * Experience infusing security into various levels of the SDLC * Experience with Static Analysis and Secure Code Review implementations * Sound knowledge of Linux systems, Kubernetes, Terraform, Vault, API, and web application security * Practical experience in DevSecOps and proficiency in at least one scripting language like JavaScript or Go * Project management experience for projects affecting multiple teams * Experience working within an Agile environment with a strong customer focus * Experience setting up and running trainings or onboardings * Clear written and verbal communication in fluent English AI Aptitude: A genuine curiosity for using AI tools to work smarter and more effectively, paired with a drive to learn and put them into practice in your role. Nice to Have: * Security Certifications such as CISSP, CCSP, Certified Kubernetes Security Specialist, or GCP/AWS/Azure security certifications * An eagerness to constantly improve and learn about leadership and new technologies OUR BENEFITS Because work and life are connected, our benefits are too. We’ve designed them to give you the security, flexibility, and opportunities you need to focus on what matters most. 🩺 Comprehensive health benefits for you and your dependents, including access to OpenUp for personalized mental health support 📚 Learning and development opportunities including an annual learning budget, access to self-paced learning platforms and language training, personalized coaching, mentorship, and leadership programs 🍼 Family Leave Plus gives you additional fully paid weeks of parental leave on top of government-provided leave, so you can spend more time with your new addition 📈 Our equity participation program allows you to share in our success For more information on our benefits, visit this page. Come as you are. Build with us. Your unique perspective is essential to our success. We are committed to building a team that reflects the world around us because we know it’s the only way to build the future. We celebrate our differences and have created a hiring process that’s fair, inclusive, and designed to let your talent shine. We proudly welcome applicants of every race, color, religion, gender identity, sexual orientation, age, and any other part of your identity that makes you who you are. As an equal opportunity employer, we believe that our strength lies in our diversity, and we invite you to be a part of our global community. For more information on our diversity, equity, inclusion, and belonging practices, visit this page.