Lead Security Engineer, Digital Assets

WisdomTree is looking for a Lead Security Engineer to support the firm’s digital assets and tokenization initiative. This initiative is an internal startup that expands beyond the firm’s existing ETF business.The Lead Security Engineer is responsible for the design, review, and delivery of new and existing cybersecurity and technology initiatives related to securing WisdomTree’s digital assets infrastructure, application security, and SaaS operations. Candidates should be highly technical, hands-on, and have experience designing and executing Information Security policies and programs. Responsibilities:

• Incorporate industry security standards into network operations, application development practices, and cloud infrastructure configuration across WisdomTree’s digital assets ecosystem
• Review software security architecture for internally developed and third-party products
• Provide guidance to internal and external engineering teams with implementing security fixes and ensure security solutions are utilized correctly
• Engage with vendors and be the point person for security audits and other services
• Develop and enforce response procedures for security incidents
• Create and maintain policy documentation related to InfoSec, Risk Management, and Incident Response. Utilize threat models and leverage them to prioritize engineering time based on risk impact.
• Research and assess blockchain security vulnerabilities and new blockchain security events

• Have a CISSP or CISM
• Have minimum of 5+ years professional experience in Information Security, preferably with additional engineering experience
• Be passionate about Cryptocurrency/Defi/Blockchain technologies. Fluency in Solidity development and deployment of smart contracts is a plus.
• Have a BS/MS/PhD in Computer Science/Security Information Systems
• Have deep experience with configuring cloud infrastructure security (Microsoft Azure a strong plus) across all levels of a web/mobile tech stack
• Comfort with automation tools or coding/scripting (e.g., Ansible, Terraform, Python)
• Be experienced in threat and vulnerability management, penetration testing and SecOps (intrusion detection, security logging, malware analysis, and forensics)
• Have solid experience in threat analysis, APT and incident response
• Have experience implementing standards such as ISO27K, PCI DSS, NIST, SANS Critical Controls, SOC for cybersecurity, etc. into technical controls
• A self-starter who is comfortable working with a small team in an unstructured environment