Information Security Engineer
Listed on 2026-06-18
IT/Tech: Cybersecurity, Systems Engineer
Engineering: Cybersecurity, Systems Engineer
NFA is purpose‑driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work.
When you join NFA as an Information Security Engineer, you'll play a critical role in protecting the organization's infrastructure, systems and data through proactive security engineering and operational excellence.
Bring your analytical and innovative mindset to help strengthen NFA's security posture by advancing detection capabilities, implementing modern security frameworks and supporting a resilient and secure environment.
Beginning your first day and throughout your career at NFA, you will work alongside a collaborative team to identify risks, implement security controls and support initiatives focused on infrastructure hardening, zero‑trust architecture, and data security. This role is ideal for a security professional who enjoys solving complex challenges and staying ahead of emerging threats. The engineer will partner with platform owners, IT operations, cloud teams, and other stakeholders to deploy and validate controls, engineer detections, and ensure resilient, auditable security baselines across the enterprise.
What you'll do:
- Engineer, deploy, and maintain security telemetry pipelines (SIEM/SOAR, EDR/XDR, NDR, IDS/IPS); continuously tune for signal fidelity and performance.
- Normalize and correlate endpoint, identity, network, and cloud logs to support high‑confidence detections and investigations.
- Establish secure configuration baselines for operating systems, endpoints, servers, containers, Kubernetes clusters, and network devices; validate with configuration compliance tooling.
- Integrate baseline compliance into CI/CD and change management processes.
- Design and implement detection logic/use cases mapped to adversary TTPs (e.g., MITRE ATT&CK); author high‑signal rules/playbooks and iteratively reduce false positives.
- Support incident response by engineering containment and eradication steps (segmentation, identity controls, endpoint isolation, patching, hardening) and feed lessons learned back into controls.
- Implement guardrails (policy‑as‑code), preventive/detective controls (CSPM/CNAPP), and cloud‑native logging across accounts/subscriptions/projects.
- Enforce least privilege for service principals/managed identities and automate secrets management; secure workloads, containers, and CI/CD supply chains (signing, SBOM, provenance).
- Design and enforce conditional access, strong MFA, just‑in‑time/just‑enough‑admin, and privileged access workflows; integrate identity signals into detections and automated response.
- Implement identity threat detection and response (ITDR) for risky sign‑ins, token misuse, delegated access abuse, and automated remediation.
- Establish data classification/tagging; deploy endpoint, email, and cloud DLP controls and drive detections for exfiltration and over‑permissioned data stores.
- Implement encryption at rest/in transit with lifecycle key management; validate secure egress/ingress controls.
- Design and tune SASE/SSE policies to protect SaaS usage and remote access; integrate device posture and identity signals; validate policy efficacy via attack simulations.
- Build resilience in security components: infrastructure‑as‑code drift detection, control health monitoring, backup/restore testing, and evidence automation for audits; embed security in CI/CD pipelines.
- Develop AI‑specific incident response playbooks; integrate AI threat intelligence into hunting and detection workflows; align practices with leading guidance (e.g., NIST AI RMF, OWASP Top 10 for LLMs, ISO/IEC 42001).
- 5+ years in security engineering or closely related roles (cyber defense infrastructure, detection engineering, vulnerability management, incident response support).
- Proficiency in scripting/automation (e.g., Python, Power…