Senior Security Infrastructure Engineer
Glocomms is partnered with a premier investment management firm seeking a Senior Security Infrastructure Engineer to join its Core Engineering team. This role is ideal for a deeply technical engineer with a strong background in authentication systems, Python development, and enterprise security architecture. The successful candidate will be responsible for building and maintaining secure, scalable, and high-performance infrastructure critical to the firm's global operations.
Key Responsibilities:
- Architect, implement, and maintain Kerberos-based authentication infrastructure across a hybrid environment (Linux, Windows, cloud).
- Develop robust, production-grade Python tooling for automation, monitoring, and integration of security services.
- Engineer secure-by-design solutions for identity, access management, and privileged access control across distributed systems.
- Perform deep-dive analysis of authentication flows, protocol-level debugging, and performance tuning.
- Collaborate with platform, network, and application teams to embed security into infrastructure and CI/CD pipelines.
- Lead incident response and root cause analysis for complex security and authentication issues.
- Contribute to the design of zero-trust architectures and next-generation identity federation strategies.
Required Qualifications:
- 8+ years of experience in systems or security engineering roles, preferably in high-performance or regulated environments.
- Expert-level knowledge of Kerberos, including cross-realm trust, ticket lifecycle, and integration with LDAP/Active Directory.
- Advanced proficiency in Python, with experience building secure, scalable tools and services.
- Strong understanding of authentication protocols (OAuth2, SAML, NTLM), encryption standards, and secure transport mechanisms.
- Deep experience with Linux internals, system-level debugging, and performance profiling.
- Familiarity with infrastructure-as-code (Terraform, Ansible) and container orchestration (Kubernetes).
- Proven ability to work independently on complex problems and deliver high-quality, maintainable solutions.
Preferred Qualifications:
- Experience in financial services or other highly regulated industries.
- Contributions to open-source security or infrastructure projects.
- Familiarity with modern identity platforms (Okta, Azure AD, HashiCorp Vault).
- Certifications such as OSCP, CISSP, or RHCE are a plus.
Candidates must be local and/or open to relocating to the New York City Metropolitan area. This is a hybrid position that will require 3 days per week on-site in Manhattan.
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.