Security Engineer

TL;DR

Security Engineer (Cybersecurity): Strengthening secure software development practices across the company with an accent on secure coding, system reviews, and tool evaluation. Focus on bridging security gaps and ensuring compliance with ISO 27001 and SOC 2 standards.

Location: Full-time onsite in Shanghai

Company

A market-neutral, multi-manager investment platform focused on Asia, established in conjunction with PAG.

What you will do

• Promote and embed secure coding best practices across engineering teams.
• Conduct regular security reviews of applications and infrastructure to identify risks and gaps.
• Collaborate with developers to recommend and implement practical security improvements.
• Evaluate and implement security tools and products tailored to the company's needs.
• Manage vulnerability remediation, tracking, and security monitoring initiatives.
• Drive ISO 27001 and SOC 2 compliance efforts, including evidence gathering and audit support.

Requirements

• Experience in a Security Engineer or Application Security role.
• Strong understanding of secure software development practices and common AppSec risks.
• Ability to perform security reviews and identify control gaps in systems and workflows.
• Hands-on experience supporting or leading ISO 27001 and SOC 2 certification processes.
• Good collaboration and communication skills for working with technical stakeholders.
• Must be able to work full-time from the Shanghai office.

Culture & Benefits

• Centrally located office in the heart of Shanghai.
• Global exposure through collaboration with teams across six regional offices.
• Paid annual leave and medical group insurance.
• Gym reimbursement.
• Professional learning and development opportunities.
• Inclusive environment committed to diversity and equal opportunity.