Cyber Security Engineer

SUMMARY

The Cybersecurity Engineer joins an existing security operations team of 2 that are responsible for the continued evolution, design, and advancement of the firm’s cybersecurity program. This role safeguards the confidentiality, integrity, and availability of firm data, systems, and facilities in alignment with organizational policies and regulatory expectations. The security operations team leads the implementation of security architecture, controls, and technical solutions across the enterprise, while proactively identifying risks and recommending strategic improvements.

This individual operates as a highly self-directed contributor within a nimble global team responsible for cybersecurity and enterprise risk. The role requires independent assessment of emerging threats, evaluation of control effectiveness, prioritization of initiatives, and ownership of security-focused projects from concept through execution. The Cybersecurity Engineer regularly collaborates with infrastructure, software engineering, and the service desk teams to drive measurable improvements in the firm’s security posture.

As an onsite/hybrid employee, you are expected to be in the office on Tuesdays, Wednesdays and Thursday.

RESPONSIBILITIES

• Design, implement, and enhance security controls across endpoint, network, cloud, identity, and SDLC.
• Lead security-focused projects, including scoping, planning, execution, stakeholder communication, and documentation.
• Own and optimize core security tooling (Application security, AI security, endpoint protection, IDS/IPS, SIEM, vulnerability management, threat intelligence platforms, etc.), ensuring effective configuration and continuous improvement.
• Develop and implement automation to enhance threat detection, alerting, response workflows, ticket creation, and reporting metrics.
• Conduct and oversee annual penetration testing, social engineering exercises, and remediation tracking.
• Partner with cross-functional technology teams to embed secure design principles and hardening standards into infrastructure, cloud platforms, and application development (DevSecOps).
• Monitor compliance with cybersecurity policies and regulatory requirements; identify gaps and drive remediation efforts.
• Serve as a technical escalation point during incident response and contribute to post-incident analysis and control improvements.
• Identify emerging threats, tools, and technologies and recommend strategic direction for the cybersecurity program.

EDUCATION, SKILLS AND EXPERIENCE REQUIREMENTS

• Bachelor’s Degree in Computer Science, Information Technology, or equivalent practical experience.
• 5 years of progressive experience in cybersecurity or information security engineering roles.
• Demonstrated experience implementing and engineering security controls in enterprise environments.
• Experience leading or independently managing technical security projects.
• Strong familiarity with CIS Framework and system hardening standards.
• Hands-on experience securing and monitoring cloud platforms (AWS, Azure, etc.).
• Deep understanding of common security controls including DLP, MFA, encryption, intrusion detection, and mobile device/application management.
• Strong scripting and automation skills (PowerShell, Python, or similar) with software engineering experience preferred
• Experience designing and maintaining centralized logging and SIEM solutions.
• Ability to independently assess risk, define problems, and implement practical, scalable solutions.
• Strong communication skills with the ability to influence stakeholders and represent the security function effectively.
• Experience in financial services or investment management preferred.
• Relevant security certifications (CISSP, CISM, GIAC, AWS Security, etc.) are a plus.

AT A GLANCE - GCM’s CYBERSECURITY & RISK TEAM

• Oversees the firm’s Cybersecurity, Risk Management, Business Continuity, Change Management, and Disaster Recovery programs.
• Collaborates with IT and business teams to embed security best practices across the enterprise.
• Participates in client meetings, regulatory examinations, and security due diligence processes.
• Utilizes Agile principles to prioritize, plan, and execute cybersecurity initiatives.
• Maintains a strong team culture centered on accountability, ownership, and continuous improvement.