We tackle the most complex problems in quantitative finance, by bringing scientific clarity to financial complexity.
From our London HQ, we unite world-class researchers and engineers in an environment that values deep exploration and methodical execution - because the best ideas take time to evolve. Together we're building a world-class platform to amplify our teams' most powerful ideas.
As part of our engineering team, you'll shape the platforms and tools that drive high-impact research - designing systems that scale, accelerate discovery and support innovation across the firm.
Take the next step in your career.
The role
We are seeking an experienced Kubernetes Security Engineer on a 12-month contract to strengthen the security of our Kubernetes platforms.
This is a specialist role focused on Kubernetes networking, identity and runtime security. You will design, implement and operationalise advanced controls that protect multi-tenant clusters running highly sensitive and performance-critical workloads.
Working closely with platform engineers, security teams and internal users, you will deliver pragmatic, production-ready solutions that improve network isolation, threat detection and runtime visibility without compromising developer experience or performance.
Key responsibilities of the role include:
- Designing, implementing, and operating Cilium-based networking and security controls, including network policies, identity-aware networking and traffic visibility
- Improving Cilium upgrade processes, collaborating with teams and training operations staff
- Implementing and scaling cluster mesh across Kubernetes environments
- Deploying and operationalising Tetragon for runtime security, including observability, detection policies and integration with existing tooling
- Strengthening multi-tenant security through network policies, RBAC and identity-based controls aligned with platform standards
- Collaborating with platform and security teams to define threat models for Kubernetes workloads, translate security requirements into controls and harden cluster configurations
- Integrating security telemetry into existing observability stacks including Prometheus, Grafana, OpenTelemetry and SIEM pipelines
- Providing guidance and best practices on secure Kubernetes networking and runtime behaviour
- Contributing to incident response related to Kubernetes security events, including root cause analysis and preventative improvements
- Documenting designs, detection strategies, runbooks and operational procedures to ensure long-term maintainability
Who are we looking for?
We value engineers who bring curiosity, pragmatism and collaboration to their work, and who are motivated to grow continuously while helping those around them do the same.
The ideal candidate will have the following skills and experience:
Essential skills:
- Strong Linux systems engineering background with a security focus
- Deep hands-on experience with Cilium, including network policy design and troubleshooting
- Experience with zero-trust networking and securing Kubernetes clusters in production
- Strong understanding of Kubernetes internals, including networking, service identity, RBAC and multi-tenant cluster design
- Proficiency with Infrastructure as Code and configuration management tools such as Helm, Terraform or GitOps
- Ability to diagnose complex security, networking and performance issues
- Strong communication skills with ability to explain security trade-offs to non-security specialists
- Experience producing clear technical documentation, designs and runbooks
Desirable skills:
- Experience integrating Kubernetes security signals into SIEM or detection platforms
- Experience with Cilium cluster mesh and policy engines such as OPA or Gatekeeper
- Familiarity with eBPF-based tooling beyond Cilium/Tetragon
- Experience with managed Kubernetes platforms such as AWS EKS
- Exposure to high-performance or low-latency environments
- Contributions to open-source projects in the Kubernetes, Cilium or eBPF ecosystems
Why join us?
- Highly competitive compensation plus annual discretionary bonus
- Lunch provided (via Just Eat for Business) and dedicated barista bar
- 30 days’ annual leave
- 9% company pension contributions
- Informal dress code and excellent work/life balance
- Comprehensive healthcare and life assurance
- Cycle-to-work scheme
- Monthly company events
