Do you want to tackle the biggest questions in finance with near infinite compute power at your fingertips?
G-Research is a leading quantitative research and technology firm, with offices in London and Dallas.
We are proud to employ some of the best people in their field and to nurture their talent in a dynamic, flexible and highly stimulating culture where world-beating ideas are cultivated and rewarded.
This is a hybrid role based in our new Dallas infrastructure hub where we work on the latest technologies in a cutting-edge environment.
The role
At G-Research, we believe that security should be an enabler, not a blocker, which is why we’re building systems that empower developers to move fast and build securely.
Our DevSecOps team plays a central role in this mission and we're looking for a DevSecOps Engineer to help us go further. In this role, you will secure our software supply chain, embed AppSec into our CI/CD pipelines and partner with engineering teams to drive smart, secure decisions earlier in the SDLC.
As a DevSecOps Engineer, you will work at the intersection of security and engineering, embedding tools and processes to detect risk early and automate the right responses. This is a hands-on role, focused on driving adoption of modern AppSec tooling, triaging real-world vulnerabilities and creating fast, developer-friendly feedback loops.
Key responsibilities of the role include:
Embedding and optimising SAST, SCA and DAST tools within CI/CD pipelines to catch issues early
Triaging and contextualizing security findings, guiding developers toward practical, risk-based fixes
Building automation and internal tooling to streamline how security results are collected, prioritised and acted upon
Driving the creation, management and use of Software Bills of Materials (SBOMs) to improve visibility and traceability of dependencies
Championing SDLC supply chain security, including dependency hygiene, provenance, artefact integrity and secure build environments
Enabling teams with playbooks, education and tooling that make secure development the default path
Collaborating cross-functionally with Platform and Product teams to evolve our security posture
Who are we looking for?
The ideal candidate will have the following skills and experience:
Solid experience securing CI/CD pipelines and integrating AppSec tooling using platforms such as GitLab CI, Jenkins and GitHub Actions
Working knowledge of SAST, SCA and DAST principles and tuning techniques to improve signal quality
Familiarity with SBOM standards – such as CycloneDX or SPDX - and how they’re used to improve software transparency
Experience scripting or building automation in Python, C#, Go or similar
A strong grasp of container security, for example with Docker or Kubernetes and cloud infrastructure, such as AWS, Azure or GCP
A collaborative, low-ego approach with strong written and verbal communication skills
A growth mindset; you're excited to continuously evolve your knowledge and help others do the same
The below are beneficial:
Experience with secure management and distribution of secrets using tools such as HashiCorp Vault or AWS Secrets Manager
Operational knowledge of PKI and internal certificate lifecycles
Secure artefact signing, provenance tracking or build pipeline hardening
Why should you apply?
Market-leading compensation plus annual discretionary bonus
Lunch provided in the office (via GrubHub)
Informal dress code and excellent work/life balance
Excellent paid time off allowance of 25 days
Sick days, military leave, and family and medical leave
Generous 401(k) plan
16-weeks’ fully paid parental leave
Medical and Prescription, Dental, and Vision insurance
Life and Accidental Death & Dismemberment (AD&D) insurance
Employee Assistance and Wellness programs
Generous relocation allowance and support
Great selection of office snacks, and hot and cold drinks
Free on-site gym and car parking
This role is employed through our US affiliate
