Senior Security Assurance Engineer (Internal Penetration Testing)

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors.

The Security Assurance team is responsible for identifying, assessing, and validating security risks across QRT’s technology environment. The team works closely with Security Engineers, Software Engineers, Infrastructure Engineers, Cloud Engineers, and Technology stakeholders to evaluate the effectiveness of security controls and strengthen the firm's overall security posture through adversarial testing and assurance activities.

Your Future Role within QRT

You will:

• Conduct internal penetration testing across a wide range of systems, including trading infrastructure, cloud platforms, APIs, and business applications in both Windows and Linux environments.
• Perform red team-style assessments and adversarial simulations to identify weaknesses in detection, response, and resilience capabilities.
• Design and execute security assurance strategies to validate the effectiveness of security controls across applications, infrastructure, and cloud environments.
• Coordinate external penetration testing engagements with third-party security vendors, including scoping, execution oversight, validation of findings, and remediation tracking across cloud, infrastructure, and application environments.
• Identify, exploit, and clearly document vulnerabilities, providing actionable remediation guidance tailored to engineering teams.
• Collaborate with product security and development teams to ensure vulnerabilities are properly remediated.
• Support threat modelling exercises by providing an attacker’s perspective on system design and architecture.
• Develop and maintain tooling, scripts, and frameworks to automate testing and improve coverage of security assessments.
• Contribute to continuous security testing within CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls.
• Conduct security reviews of internal and third-party systems, validating real-world exploitability of identified risks.
• Provide mentorship and training to engineers on common attack vectors, exploitation techniques, and secure design principles.
• Stay current with emerging threats, vulnerabilities, and offensive security techniques relevant to financial systems and low-latency environments.

Your present skillset:

• 5+ years of experience in penetration testing, red teaming, or security assurance roles, with hands-on experience testing complex, large-scale systems.
• Strong practical knowledge of offensive security techniques, including web application, API, network, and cloud exploitation.
• Solid understanding of system internals, networking, and common vulnerability classes, including OWASP Top 10, logic flaws, authentication and authorisation issues, and race conditions.
• Familiarity with both Windows and Linux environments from an attacker’s perspective.
• Experience using standard penetration testing tools such as Burp Suite, Metasploit, Nmap, BloodHound, and similar offensive security tooling.
• Ability to assess the real-world impact of vulnerabilities and prioritise risks in a high-stakes environment.
• Ability to clearly document findings, explain exploitability, and provide practical remediation guidance to engineering and infrastructure teams.
• Strong communication skills, with the ability to clearly articulate technical risks and remediation strategies to engineering stakeholders.
• Ability to operate independently, manage multiple assessments, and provide senior-level technical judgement during security assurance activities.
• Preferred:
  • Experience testing applications and services developed in languages such as Python, C++, Rust, Go, and Kotlin/Java.
  • Experience with cloud security testing across AWS or Azure, including IAM, network configuration, storage, managed services, and common cloud misconfigurations.
  • Experience developing custom penetration testing tools, automation, scripts, exploits, or fuzzers.
  • Experience integrating security testing into CI/CD pipelines or supporting continuous assurance practices.
  • Understanding of detection and response mechanisms, with the ability to evaluate or bypass them during controlled testing.
  • Experience conducting red team exercises, adversary simulations, or purple team engagements.
  • Experience with containerised environments, Kubernetes, infrastructure-as-code, or hybrid cloud infrastructure.
  • Knowledge of low-latency systems, financial trading environments, or high-performance distributed systems.
  • Relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, CCT INF, or equivalent practical experience.

QRT is an equal opportunity employer.