PEAK6

WHO WE ARE

We are PEAK6, a leading investment firm, using technology to find a better way of doing things. The company’s first tech-based solution was developed in 1997 to optimize options trading, and over the past two decades, the same formula has been used across a range of industries, asset classes, and business stages to consistently deliver superior results. Today, PEAK6 seeks transformational opportunities to provide capital and strategic support to entrepreneurs and forward-thinking businesses. PEAK6’s core brands include PEAK6 Capital Management, PEAK6 Strategic Capital, Apex Fintech Solutions, FOCUS, We Insure, Evil Geniuses, Poker Power, Zogo, and Bruce Markets.

ABOUT THIS ROLE

Your goal is simple and ambitious: make cloud and platform security safe by

default. You’ll deploy and operate CSPM across GCP and AWS, route and

close posture gaps through Jira with tuned suppressions, and give

engineering teams paved-road guardrails (reusable modules, policy checks)

that keep delivery fast and secure.

What you’ll do

• Run CSPM across orgs/accounts: connect GCP Security Command Center and AWS Security Hub, map findings to owners/SLAs in Jira, and reduce noise with scoped suppressions.
• Enforce organization policies: no public buckets, restricted legacy OAuth scopes, domain restrictions, baseline logging/encryption, and CMEK where required.
• Build the paved road: deliver reusable Terraform modules/blueprints with baked-in controls; add pre-commit and CI/CD policy checks that prevent risky changes from shipping.
• Support secure egress & posture gates: partner with the Senior Engineer on Netskope SD-WAN to define app-aware egress and posture-based access for sensitive apps (later in 2026).
• Elevate container/image hygiene: introduce basic image signing/scanning, minimal bases, and sane secrets handling patterns in CI/CD.
• Stop certificate outages: maintain inventory, alerts, and a renewal workflow (ACME where feasible).
• Identity intersections: verify admin MFA enforcement, break-glass testing cadence, and JML hooks that impact cloud access.

What you’ll bring

• Experience: 4–7 years in cloud/platform security with GCP and/or AWS at multi-account/organization scope; proven CSPM operations and Jira-routed closure with SLAs.
• Hands-on CSPM experience (SCC/SecHub or similar) at multi-account/multi-org scope, plus routing and closure in Jira with SLAs.
• IaC fluency (Terraform) and a track record of reusable, secure modules and policy-as-code checks in pipelines.
• Working knowledge of GCP/AWS org policies/controls; ability to balance developer velocity with strong defaults.
• Practical CI/CD exposure (you secure it; you don’t have to build/own the pipelines). Clear communication, documentation, and a habit of proving posture with simple scorecards.

Certifications (nice to have, not required)

• GCP Professional Cloud Security Engineer, AWS Security Specialty, HashiCorp Terraform Associate, CKA/CKS; GIAC GCSA/GC cloud tracks.

How we’ll measure success

• CSPM is connected and useful: findings reach the right owners with actionable tickets and less noise over time.
• Core org policies are enforced, and posture improvements are visible and sustained.
• Paved-road guardrails are adopted by engineers and reduce manual security rework.
• Certificate renewals are predictable, with no surprise expirations.

#LI-P6

OUR REWARDS

We offer a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP), competitive PTO, 401k match, parental leave, and HSA contribution match. We also provide our employees with a paid subscription to the Calm app and offer generous external learning and tuition reimbursement benefits. As a hybrid workforce, we offer our employees the ability to work remotely up to two days a week.

PEAK6 is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, veteran status, marital status, or any other protected characteristic. Our hiring practices ensure that all qualified applicants receive fair consideration without regard to these characteristics.

PEAK6 is committed to creating an inclusive and accessible workplace for all candidates, including those with disabilities. We are dedicated to ensuring equal employment opportunities and providing reasonable accommodations to qualified individuals with disabilities. If you require reasonable accommodations to participate in the application or interview process, please contact our HR department at hrpeak6@peak6.com. We will work with you to provide the necessary accommodations to ensure your full participation in our hiring process.

#PEAK6