Security Engineer Audit & Compliance

As a highly skilled Security Engineer, you will play a crucial role in strengthening the security posture of our high-frequency trading (HFT) infrastructure. Your expertise in audits, compliance, and penetration testing will be essential in ensuring the security and regulatory compliance of our systems. **Key Responsibilities:** - Conduct and manage System Audits, Exchange IT Compliance Audits, Vulnerability Assessments, and Compliance Audits in accordance with regulatory and internal requirements. - Plan, execute, and document penetration testing to identify and address security risks. - Collaborate with cross-functional teams to prepare, review, and submit compliance documentation for regulatory bodies and exchange audits. - Drive security controls within CI/CD pipelines to uphold robust DevSecOps practices. - Ensure prompt remediation of vulnerabilities, deviations, and audit findings across infrastructure and applications. - Stay updated on exchange regulations, IT security standards, and compliance requirements relevant to HFT environments. - Provide technical support during external and internal audits, acting as a liaison between engineering, compliance, and business leadership. **Key Skills & Competencies:** - Strong understanding of IT compliance frameworks, exchange audit requirements, and vulnerability management. - Hands-on experience in penetration testing, system hardening, and security tooling. - Expertise in CI/CD pipelines, DevOps practices, and secure deployment strategies. - Excellent documentation, reporting, and cross-team collaboration skills. - Analytical mindset with problem-solving ability to balance regulatory compliance and system performance in a high-speed trading environment. **Qualifications:** - Bachelor's degree in Engineering (BE) with an MBA preferred. - Professional certifications: CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager). - Additional certifications in penetration testing, cloud security, or DevSecOps will be advantageous.,