Senior Information Security Engineer

Geode Capital Management, LLC is seeking a Senior Information Security Engineer. The primary responsibilities include supporting Geode’s Information Security and Technology Transformation initiatives. This position reports to the Director of Information Security and collaborates closely with the Technology and Risk Management teams. The ideal candidate is passionate about identifying, managing, communicating, and mitigating risks, fostering a risk-focused culture, and promoting effective Information Security practices at Geode. 

This is a hybrid work environment opportunity located in Boston, MA with a weekly in-office schedule of Tuesdays, Wednesdays, and Thursdays with remote work from home on Mondays and Fridays.  

Responsibilities:

• Lead security initiatives throughout Geode’s Software Development Life Cycle (SDLC) by utilizing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools. Act as a subject matter expert and assist the Technology team in remediating application vulnerabilities.
• Support Geode’s key security initiatives such as, but not limited to, vulnerability management, application security, DevSecOps, access governance, cloud migration (AWS, Azure) etc.
• Assist in implementing information security requirements, including policies, standards, and controls, by collaborating with the Risk Management team.
• Partner with Technology, Internal Audit team and other teams to analyze security controls to ensure that Geode’s security requirements are implemented for effective security posture.
• Provide support and input for related audits or examinations from internal/external parties and collaborate with relevant stakeholders to ensure findings are appropriately remediated.
• Assist with risk assessments, identify gaps and document action items.
• Prepare data and metrics-based analysis to help proactively monitor and report on risks across the company through use of Key Risk Indicators (‘KRIs’).
• Perform additional duties as required.

Skills You Bring:

• Bachelor of Science degree in Computer Science, Engineering, Computer Security, or Information Systems.
• 7+ years of experience in software development, information security, and cloud environments, with broad working knowledge of information systems and the latest technologies.
• Strong knowledge of vulnerability management and security testing tools, as well as OWASP Top 10 vulnerabilities.
• Experience with frameworks such as CIS, NIST, ISO 27001, and SOC.
• Certifications such as CISSP, CISM, and CEH are preferred but not required.
• Strong interpersonal and communication skills, with the ability to solve problems as they arise.
• Ability to work independently across multiple simultaneous work streams and thrive in a fast-paced, small company culture environment. 

Company Overview:
Founded in 2001, Geode is headquartered in Boston’s financial district, the center of one of the world’s most vibrant finance and technology hubs and employs approximately 180 employees.

Geode is an institutional asset manager providing core beta exposures across a range of equity and niche asset classes, with over $1 trillion in AUM. With a robust infrastructure and experienced investment professionals, Geode offers the scale of a large asset management firm with the benefits of a smaller organization.  

Geode is proud to be an equal opportunity employer and support a diversified work environment. Learn more about Geode at www.geodecapital.com/careers.