Security Engineer: Insurance Two Sigma
New York, NY

Job Description

Two Sigma Insurance Quantified (TSIQ) seeks to partner with leaders in the insurance industry by applying Two Sigma's core engineering, modeling and analytics capabilities. TSIQ works closely with its industry partners to deliver products and solutions, which lead to enhanced automation and data-driven decision making. Comprised of a diversified and growing team of highly skilled data scientists, engineers, and business professionals, TSIQ possesses the agility and innovation of a dynamic startup with the resources and long-term view of Two Sigma.

Two Sigma is a technology company dedicated to finding value in the world's data. Since its founding in 2001, Two Sigma has built an innovative platform that combines extraordinary computing power, vast amounts of information, and advanced data science to produce breakthroughs in investment management, insurance and related fields. Today, Two Sigma manages approximately $60+ billion in assets, employs more than 1,000 people and has offices in New York, Hong Kong, Houston and London.

The TSIQ Engineering team is made of multiple functional teams responsible for all the software components, services and cloud infrastructure that power the TSIQ Insurance platform (IQOS)

TSIQ is looking to add a Security Engineer to its team as we develop IQOS and work with our industry partners. Your core mission is to ensure that our services, applications, and infrastructure are designed and implemented to the highest security standards. You will have the opportunity to learn from, and be mentored by a growing security and engineering team whose mission is to use industry leading practices to secure our deployments.

You will take on the following responsibilities:

* Engineer security controls and process in our applications, services, and cloud infrastructure
* Infrastructure and application security assessment
* Application and infrastructure design review and control recommendation
* Work with a variety of engineering and infrastructure teams to review and improve security controls
* Design, build, and improve all aspects of our secure engineering lifecycle
* Application Security testing using static and dynamic testing tools
* Perform code reviews on internal products and open source libraries
* Communicate security concepts and recommendations to engineers and enable them to write secure code

You should possess the following qualifications:

* BA/BS in Computer Science or related technical field, or equivalent experience.
* At least 3 years as a security engineer directly contributing to systems/services and supporting them in production.
* At least 2 years of experience with application security testing and review using modern static and dynamic testing tools
* Knowledge of common application security vulnerabilities and secure engineering practices to mitigate such attacks.
* Ability to read code in a wide variety of languages, discover security vulnerabilities with ease, and explain them to engineers in plain English
* Defensive experience in prioritizing security vulnerabilities, missing controls, and unknown systems
* At least 2 years working with common and industry standard cloud-native/cloud-friendly authentication mechanisms (SAML, OAuth, etc).
* At least 2+ years of exposure to service-oriented architecture for cloud-based services.

You will enjoy the following benefits:

* Core Benefits: Fully paid medical and dental insurance premiums for employees and dependents, 401k match, employer-paid life & disability insurance
* Perks: Onsite gyms with laundry service, wellness activities, casual dress, snacks, game rooms
* Learning: Tuition reimbursement, conference and training sponsorship
* Time Off: Generous vacation, sick days, and paid caregiver leaves

We are proud to be an equal opportunity workplace. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender identity/expression, age, status as a protected veteran, status as an individual with a disability, or any other applicable legally protected characteristics.