Quantexa
Senior Security Engineer – North America
Do you ever have the urge to do things better than the last time? We do. And it's this urge that drives us every day. Our environment of discovery and innovation means we're able to create deep and valuable relationships with our clients to create real change for them and their industries. It's what got us here - and it's what will make our future. At Quantexa, you'll experience autonomy and support in equal measures allowing you to form a career that matches your ambitions. 41% of our colleagues come from an ethnic or religious minority background. We speak 20+ languages across our 50+ nationalities, creating a sense of belonging for all.
Opportunity
This role combines deep technical security engineering with operational assurance and platform enablement. The position is responsible for shaping and sustaining secure development practices, strengthening cloud and SaaS controls, and improving detection and response maturity across Quantexa.
You will work closely with engineering, platform, and operational teams to build secure delivery patterns and ensure they are consistently adopted. This includes guiding DevOps team approaches, embedding automated security testing, consolidating compliance checks, and influencing design standards that support secure development and deployment. You will provide both assurance and hands‑on oversight to ensure tooling such as CI/CD, infrastructure as code, identity controls, and container orchestration remain hardened, monitored, and aligned to recognised best practices.
On the operational side, you will lead the improvement of security controls and monitoring capabilities across cloud platforms, SaaS services, and enterprise toolsets. You will integrate threat intelligence, refine detection rules, enhance incident readiness, and drive remediation activities based on security posture findings. You will work with stakeholders to review architectural risk, conduct threat modelling, and support operational response to emerging issues.
Success in this role requires an ability to translate complex risks into actionable change, influence adoption of secure practices, and build trust with engineering and senior technical stakeholders. You will balance preventative engineering activities with investigative skills and operational discipline, creating a feedback loop that strengthens resilience over time.
The ideal candidate brings strong experience across cloud security, DevOps enablement, identity and access controls, SaaS security, threat detection platforms, and incident response. You will be a self‑starter who can navigate ambiguity, challenging stakeholders, collaborate across varied teams, and drive holistic improvements that enhance Quantexa's overall security posture.
The role is open in New York, New Jersey, Connecticut, North Carolina, Massachusetts, Pennsylvania, Virginia, Maryland, Washington, D.C., and Florida.
Requirements
Security Architecture & Engineering
Embed security within CI/CD pipelines, delivery workflows, and infrastructure automation through testing, scanning, and policy enforcement
Architect and maintain technical security guardrails for cloud native platforms and infrastructure as code deployments to ensure consistent hardening, resilience, and alignment to reference security standards
Provide assurance oversight and configuration governance for SaaS platforms, with emphasis on identity and privilege management, access control enforcement, and data confidentiality protection
Perform threat modelling and security design reviews to influence architectural decisions, support secure engineering principles, and shape remediation priorities
Advance monitoring, detection, and response maturity across cloud and SaaS environments using platforms including Wiz, Zscaler, Sentinel, and complementary detection tooling
Engineer, tune, and maintain detection logic and security policy frameworks to improve telemetry quality, situational awareness, and incident readiness
Conduct cloud security posture assessments and lead remediation of weaknesses identified through vulnerability scanning, configuration assessments, and security testing
Support operational incident response through investigation of security issues, risk containment activities, root cause analysis, and development of durable corrective actions
Promote DevSecOps methods by coaching engineering teams, developing reusable secure patterns, and enabling the adoption of automated control enforcement
Partner with the chief architecture, platform, and product functions to embed security within design processes and ensure alignment with strategic, regulatory, and business requirements
Compliance, Audit & Governance
Ensure compliance with cloud and SaaS‑specific frameworks and maintain continuous audit readiness for SaaS and CI/CD environments
Ensure compliance with NIST SP 800-53, NIST SP 800-171, SOC 2, ISO/IEC 27001:2022, and client‑specific requirements
Prepare for and participate in internal and external audits and provide technical input into client responses if needed
Lead technical responses to audit findings and maintain continuous audit readiness
Coordinate penetration testing across cloud, network, and application layers
Security Operations & Incident Response
Develop, tune, and maintain detection logic and automated response playbooks across Wiz, Zscaler, and related platforms in accordance with threat intelligence and adversary techniques such as the MITRE ATT&CK framework
Conduct proactive threat hunting, triage security alerts, and support incident investigations in collaboration with managed service providers
Author, refine, and validate analytic queries and behavioural detection rules to improve accuracy, reduce false positives, and enhance contextual awareness
Lead automation initiatives to streamline operational processes, increase response efficiency, and minimise manual intervention
Perform advanced security investigations leveraging SIEM telemetry, endpoint data, identity logs, and API intelligence sources
Apply threat intelligence sources and indicators to enrich investigations, support correlation activities, and provide insight into adversary activity
Manage advanced email security operations including analysis of phishing attempts, business email compromise, malware‑based attacks, and related risk scenarios
Lead incident investigations impacting cloud infrastructure, SaaS services, and CI/CD toolchains, working closely with engineering and operations stakeholders
Conduct post‑incident reviews and root cause analysis to support organisational learning, capability uplift, and enduring remediation outcomes
Perform forensic examination of operating system artefacts and metadata across endpoints, servers, and cloud workloads to support investigative findings
Demonstrate strong proficiency in query languages and detection rule development across SIEM, EDR, and XDR platforms including Sentinel, CrowdStrike, and similar toolsets
Mandatory Proficiency in the Following Platforms
Practical experience with enterprise security technologies including GitGuardian for secret detection, Cyberhaven for insider risk monitoring, Wiz Advanced and Defend for cloud posture and workload protection, Zscaler for secure access and traffic inspection, Sublime for automation and orchestration support, DevOps CI/CD tooling for pipeline security enforcement, and Terraform for infrastructure as code deployment
Demonstrated capability in applying native cloud provider security services, including Azure Security Centre and GCP, to support posture management, threat detection, compliance validation, and secure configuration
Stakeholder Engagement & Leadership
Provide expert guidance to internal and external stakeholders on cloud and SaaS security, including secure CI/CD design and compliance expectations
Deliver tailored training and awareness sessions to strengthen understanding of secure cloud, DevSecOps, and operational security practices
Act as a trusted technical adviser on Zero Trust, cloud security, and related domains, supporting informed decision-making across programmes
Translate complex security risks into clear and actionable language for both technical and non‑technical audiences, influencing senior leaders and cross‑functional teams
Champion a security first mindset, mentor colleagues, and contribute to the continual growth and capability of the wider security function
Expectations and Mindset
Proactiveness: Take initiative, seek out information, do not sit back and wait, drive your own knowledge alongside that of other guidance provided by the team, and always ask questions
Communication: Keep stakeholders informed, ask questions, and ensure clarity in all interactions
Forward thinking: Anticipate challenges and issues, try to think one step ahead, think strategically, and look for opportunities for improvement
Team Communication: Follow up with the team and make sure you are seen and known, be heard and build strong relationships and establish your presence
Education & Certifications
Minimum of 12 years of professional experience in cybersecurity, with at least 7 years in senior or lead security roles
Master's degree in Information Security, Computer Science, or related discipline
Preferred Industry Certifications (Evidence required):
GIAC certifications such as GCIA, GCED, GCIH, GDAT, GDSA or GMON
Microsoft Cloud‑specific security certifications, such as AZ-500, AZ-305, SC-300
Benefits
Our perks and quirks. What makes you Q will help you to realise your full potential, flourish and enjoy what you do, while being recognised and rewarded with our broad range of benefits.
Competitive base salary of $130-170k
Company bonus
100% 401K match up to 5%
Comprehensive benefits coverage, including mental health support, fitness reimbursements, and financial well‑being
Tax‑advantageous benefits, such as commuter benefits, healthcare, and dependent care
Competitive annual leave, parental leave, PTO, and observed holidays
Well‑being benefits, such as the Calm App and Wellbeing 1/2 days off
Continuous Training and Development, including access to Udemy Business
Work from Anywhere Scheme: Spend up to 2 months working outside of your country of employment over a rolling 12‑month period
Employee Referral Program
Team Social Budget & Company‑wide Socials
Our mission
We have one mission. To help businesses grow. To make data easier. And to make the world a better place. We're not a start‑up. Not anymore. But we've not been around that long either. What we are is a collection of bright, passionate minds harnessing complexities and helping our clients and their communities. One culture, made of many. Heading in one direction - the future.
It’s All About You
It's important to us that you feel welcome, valued and respected. After all, it's your individuality and passion for what you do that will make you Q. We see that - which is why we're proud to be an Equal Opportunity Employer. We've created and will continue to improve our inclusive and diverse work environment. Regardless of your race, beliefs, color, national origin, gender, sexual orientation, age, marital status, neurodiversity or ableness - whoever you are - if you are a passionate, curious and caring human being who wants to push the boundaries of what's possible, then we want to hear from you.
Start. Don’t stop – Apply
We are excited to consider you for the Senior Security Engineer – North America role. Please submit your application via our career portal or contact HR for further information.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries IT Services and IT Consulting