- Location: Boston, MA
- Type: Contract
- Job #28553
The Principal Security & Infrastructure Engineer is a senior individual contributor responsible for defining, architecting, and advancing the security and infrastructure foundation for a financial services / investment management technology environment. This role serves as the organization’s top technical authority for security engineering and infrastructure architecture, operating in a highly regulated, data-sensitive, and risk-aware context.
The position owns the design and evolution of zero-trust and defense-in-depth architectures across identity, endpoints, networks, applications, and data. It plays a critical role in securing fintech platforms, investment systems, market data pipelines, and cloud-native financial applications across on-premises, hybrid, and multi-cloud environments, including AWS and Microsoft Azure.
Key Responsibilities
Principal-Level Security Engineering & Architecture
- Define and own enterprise security architecture for investment management and fintech platforms, including portfolio management systems, trading workflows, research environments, and financial data services
- Architect and evolve zero-trust security models emphasizing strong identity controls, least privilege, segregation of duties, and continuous verification
- Design, implement, and operate advanced security controls across AWS and Azure, including IAM, network segmentation, encryption, key management, logging, and workload protection
- Serve as the final technical authority for security architecture reviews, threat modeling, and risk acceptance decisions in regulated financial environments
- Engineer detection and response capabilities for financial systems, including SIEM/SOAR pipelines, telemetry strategy, insider-risk monitoring, and incident response automation
- Lead complex security incidents involving sensitive financial, investor, or trading data, ensuring rapid containment, forensic integrity, and regulatory readiness
Infrastructure & Cloud Platform Architecture
- Architect secure, resilient, and highly available infrastructure platforms supporting mission-critical financial and investment applications
- Design cloud networking and connectivity models (VPC/VNet architecture, private connectivity, VPNs, firewalls, routing, and high-availability patterns) suitable for low-latency and high-reliability use cases
- Ensure platforms meet stringent requirements for availability, integrity, confidentiality, and auditability
- Embed security controls into infrastructure and platform designs to support regulatory compliance and operational risk management
Technical Leadership & Industry Alignment
- Act as a principal-level technical advisor to engineering, risk, compliance, and technology leadership
- Establish security engineering standards, reference architectures, and control patterns aligned with financial services regulatory expectations
- Partner with risk, legal, and compliance teams to translate regulatory requirements into enforceable technical controls
- Evaluate fintech vendors, cloud services, and security tools with a focus on vendor risk, data protection, and operational resilience
- Communicate complex technical risks, architecture decisions, and security posture clearly to senior leadership and auditors
Knowledge & Experience
- 12–15+ years of experience in security engineering, infrastructure engineering, or cloud platform engineering
- Direct experience in investment management, fintech, capital markets, asset management, or financial services environments
- Demonstrated success operating as a principal- or staff-level engineer in regulated, high-availability environments
- Deep expertise designing and securing cloud and hybrid architectures in AWS and Azure
- Strong understanding of financial data flows, market data systems, trading platforms, and sensitive investor information
- Proven ability to solve complex, high-risk technical problems with long-term architectural impact
- Exceptional technical judgment, analytical rigor, and decision-making ability
- Strong communication skills with the ability to influence senior technology, risk, and business leaders
- High ethical standards and discretion in handling confidential financial information
Technical & Educational Requirements
- Bachelor’s degree in computer science, engineering, or a related technical discipline, or equivalent practical experience
- Advanced security and cloud certifications strongly preferred (e.g., CISSP, AWS Security Specialty, AWS Solutions Architect Professional, Azure Security Engineer)
- Deep hands-on expertise with AWS security services (IAM, Organizations, CloudTrail, GuardDuty, Security Hub, KMS) and Microsoft cloud and security platforms
- Strong experience with SIEM/SOAR, endpoint security, vulnerability management, cloud workload protection, and data loss prevention
- Expertise in infrastructure-as-code and automation (e.g., Terraform, CloudFormation, ARM/Bicep, scripting)
- Advanced understanding of identity and access management, encryption, key management, networking, and secure system design
- Familiarity with financial services regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, SEC/FINRA expectations)
Onsite in Boston Financial District. Must be local. No 3rd party candidates, please.
For immediate consideration please email a resume to Kenny at [email protected]