Qube Research & Technologies logo

Senior Security Assurance Engineer (Internal Penetration Testing)

Posted about 1 month ago

OfficeLondonSE

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors.

The Security Assurance team is responsible for identifying, assessing, and validating security risks across QRT’s technology environment. The team works closely with Security Engineers, Software Engineers, Infrastructure Engineers, Cloud Engineers, and Technology stakeholders to evaluate the effectiveness of security controls and strengthen the firm's overall security posture through adversarial testing and assurance activities.

Your Future Role within QRT

You will:

  • Conduct internal penetration testing across a wide range of systems, including trading infrastructure, cloud platforms, APIs, and business applications in both Windows and Linux environments.
  • Perform red team-style assessments and adversarial simulations to identify weaknesses in detection, response, and resilience capabilities.
  • Design and execute security assurance strategies to validate the effectiveness of security controls across applications, infrastructure, and cloud environments.
  • Coordinate external penetration testing engagements with third-party security vendors, including scoping, execution oversight, validation of findings, and remediation tracking across cloud, infrastructure, and application environments.
  • Identify, exploit, and clearly document vulnerabilities, providing actionable remediation guidance tailored to engineering teams.
  • Collaborate with product security and development teams to ensure vulnerabilities are properly remediated.
  • Support threat modelling exercises by providing an attacker’s perspective on system design and architecture.
  • Develop and maintain tooling, scripts, and frameworks to automate testing and improve coverage of security assessments.
  • Contribute to continuous security testing within CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls.
  • Conduct security reviews of internal and third-party systems, validating real-world exploitability of identified risks.
  • Provide mentorship and training to engineers on common attack vectors, exploitation techniques, and secure design principles.
  • Stay current with emerging threats, vulnerabilities, and offensive security techniques relevant to financial systems and low-latency environments.

Your present skillset:

  • 5+ years of experience in penetration testing, red teaming, or security assurance roles, with hands-on experience testing complex, large-scale systems.
  • Strong practical knowledge of offensive security techniques, including web application, API, network, and cloud exploitation.
  • Solid understanding of system internals, networking, and common vulnerability classes, including OWASP Top 10, logic flaws, authentication and authorisation issues, and race conditions.
  • Familiarity with both Windows and Linux environments from an attacker’s perspective.
  • Experience using standard penetration testing tools such as Burp Suite, Metasploit, Nmap, BloodHound, and similar offensive security tooling.
  • Ability to assess the real-world impact of vulnerabilities and prioritise risks in a high-stakes environment.
  • Ability to clearly document findings, explain exploitability, and provide practical remediation guidance to engineering and infrastructure teams.
  • Strong communication skills, with the ability to clearly articulate technical risks and remediation strategies to engineering stakeholders.
  • Ability to operate independently, manage multiple assessments, and provide senior-level technical judgement during security assurance activities.
  • Preferred:
    • Experience testing applications and services developed in languages such as Python, C++, Rust, Go, and Kotlin/Java.
    • Experience with cloud security testing across AWS or Azure, including IAM, network configuration, storage, managed services, and common cloud misconfigurations.
    • Experience developing custom penetration testing tools, automation, scripts, exploits, or fuzzers.
    • Experience integrating security testing into CI/CD pipelines or supporting continuous assurance practices.
    • Understanding of detection and response mechanisms, with the ability to evaluate or bypass them during controlled testing.
    • Experience conducting red team exercises, adversary simulations, or purple team engagements.
    • Experience with containerised environments, Kubernetes, infrastructure-as-code, or hybrid cloud infrastructure.
    • Knowledge of low-latency systems, financial trading environments, or high-performance distributed systems.
    • Relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, CCT INF, or equivalent practical experience.

QRT is an equal opportunity employer. We value diversity as essential to our success and are committed to creating an environment where employees can work openly, respectfully, and collaboratively. In addition to supporting professional achievement, QRT offers initiatives and programmes designed to help employees maintain a healthy work-life balance.

Job details
Workplace
Office
Location
London
Experience
SE
Qube Research & Technologies logo
Qube Research & Technologies
View company page

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all asset classes across the world. Driven by a shared passion for data, research, technology and trading expertise, we strive to deliver high-quality returns for our investors. Established in 2018, QRT can rely on its employees across 16 offices across the globe. We currently have multiple open positions on our website, please check and apply on line: https://www.qube-rt.com/careers/ QRT supports various coding initiatives as well as academic projects developing and promoting maths and science education. More information: https://www.qube-rt.com/commitments

Employees
2318
Industry
Financial Services
Headquarters
London, England
Founded
2018
Company location
9 Bressenden Place, London, England SW1E 5BY, GB

Key team members

Manish Shah

Manish Shah

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages
AI-personalised cover letters
Human review before every submit
Application tracking & follow-ups