Senior Information Security Engineer

Join to apply for the Senior Information Security Engineer role at Geode Capital Management.

Geode Capital Management, LLC is seeking a Senior Information Security Engineer. The primary responsibilities include supporting Geode’s Information Security and Technology Transformation initiatives. This position reports to the Director of Information Security and collaborates closely with the Technology and Risk Management teams. The ideal candidate is passionate about identifying, managing, communicating, and mitigating risks, fostering a risk-focused culture, and promoting effective Information Security practices at Geode.

This is a hybrid work environment opportunity located in Boston, MA with a weekly in-office schedule of Tuesdays, Wednesdays, and Thursdays, and remote work from home on Mondays and Fridays.

• Lead security initiatives throughout Geode’s Software Development Life Cycle (SDLC) by utilizing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools. Act as a subject matter expert and assist the Technology team in remediating application vulnerabilities.
• Support Geode’s key security initiatives such as vulnerability management, application security, DevSecOps, access governance, and cloud migration (AWS, Azure).
• Assist in implementing information security requirements, including policies, standards, and controls, by collaborating with the Risk Management team.
• Partner with Technology, Internal Audit, and other teams to analyze security controls to ensure security requirements are met for effective security posture.
• Provide support and input for audits or examinations from internal/external parties and collaborate to ensure findings are remediated.
• Assist with risk assessments, identify gaps, and document action items.
• Prepare data and metrics-based analysis to proactively monitor and report on risks across the company using Key Risk Indicators (‘KRIs’).
• Perform additional duties as required.

• Bachelor’s degree in Computer Science, Engineering, Computer Security, or Information Systems.
• 7+ years of experience in software development, information security, and cloud environments, with broad knowledge of information systems and latest technologies.
• Strong knowledge of vulnerability management and security testing tools, as well as OWASP Top 10 vulnerabilities.
• Experience with frameworks such as CIS, NIST, ISO 27001, and SOC.
• Certifications such as CISSP, CISM, and CEH are preferred but not required.
• Strong interpersonal and communication skills, with problem-solving abilities.
• Ability to work independently across multiple streams and thrive in a fast-paced, small company culture environment.