Who We Are
Option One Technologies is a next-generation managed IT and cloud platform revolutionizing how financial services firms and institutions access best-in-class technology. Founded in 2019 by alumni from the Boston-based hedge fund Highfields Capital Management, we deliver white-glove managed services purpose-built for SEC-registered investment advisers, FINRA broker-dealers, hedge funds, and high-net-worth family offices. Our mission is to make enterprise-grade security, compliance, and infrastructure accessible to firms of every size — from established institutions to emerging managers.
About the Role
We are seeking a mid-to-senior Security Engineer to own and advance the security posture of a regulated financial services environment. This is a hands-on role that blends day-to-day operational defense with compliance, user enablement, and offensive testing. You will be the connective tissue between our security tooling, our compliance obligations, and the people who rely on you to keep them safe.
The ideal candidate is equally comfortable triaging a SIEM alert, walking a non-technical user through a phishing simulation result, scoping a penetration test, and mapping a control to a NIST subcategory. Strong communication is not a "nice to have" here — it is central to the job.
What You'll Do
- Security operations & monitoring — Operate and tune our SOC/SIEM stack, investigate alerts, triage incidents, and drive detection and response improvements. Reduce noise, increase signal, and document what you find.
- Endpoint & network defense — Administer and optimize SentinelOne (EDR) and Zscaler (ZTNA / secure web gateway), including policy tuning, exclusions, threat hunting, and incident containment.
- Vulnerability management — Run and interpret recurring vulnerability scans, prioritize findings by real-world risk, coordinate remediation with IT and engineering, and track issues to closure.
- Penetration testing — Plan and perform internal and external penetration tests, document findings with clear severity and reproduction steps, and partner with stakeholders on remediation. Coordinate scope and results from third-party pen tests where applicable.
- Compliance & governance — Maintain and evidence controls for SOC 2 and NIST frameworks, and support compliance obligations specific to Registered Investment Advisors (RIAs) (e.g., SEC/regulatory safeguarding and recordkeeping expectations). Prepare for and support audits.
- Security awareness & training — Own the KnowBe4 program: build phishing simulations, manage training campaigns, analyze results, and follow up with users. Work with employees daily to coach them on secure behavior in plain, approachable language.
- User-facing support — Serve as a trusted, patient point of contact for security questions across the business. Translate technical risk into terms any user can act on.
- Documentation & continuous improvement — Keep runbooks, policies, and procedures current. Recommend and implement improvements to tooling, process, and posture.
What You'll Bring
Required
- 4+ years in security engineering, security operations, or a closely related role (mid-to-senior range; depth matters more than exact years).
- Hands-on SOC / SIEM experience — alert triage, investigation, tuning, and detection logic.
- Working knowledge of and demonstrable experience with SentinelOne, Zscaler, Umbrella and KnowBe4 (or directly comparable EDR, ZTNA/SWG, and security-awareness platforms).
- Practical penetration testing ability and experience running/interpreting vulnerability scans and driving remediation.
- Solid understanding of SOC 2 and NIST (e.g., 800-53 / CSF) controls, evidence, and audit support.
- Familiarity with compliance considerations for Registered Investment Advisors or another regulated financial environment.
- Excellent written and verbal communication — you can teach, de-escalate, and explain risk to non-technical audiences, and you genuinely enjoy working with users every day.
Preferred / Nice to Have
- Relevant certifications such as OSCP, CISSP, GPEN, GCIH, Security+, or equivalent.
- Experience with cloud security (AWS / Azure / GCP) and SaaS security posture.
- Scripting / automation (Python, PowerShell, or similar) for tooling and detection.
- Prior experience in financial services, fintech, or another highly regulated industry.
What Success Looks Like
- First 90 days: Fluent in our tooling and alerting; vulnerability scan cadence and remediation tracking are healthy; first phishing campaign run and reported on.
- First 6 months: Measurable reduction in SIEM noise and open critical/high vulnerabilities; SOC 2 / NIST control evidence is organized and audit-ready; users recognize you as the go-to security resource.
Why Join Option One Technologies
- High-impact, multi-disciplinary role — work at the intersection of cybersecurity, compliance, and financial services with some of the most sophisticated firms in the industry
- Accelerated professional growth — direct exposure to SEC/FINRA regulatory environments, advanced security tooling, and complex network architectures across a diverse client portfolio
- Entrepreneurial culture — small, senior team where your work directly shapes client outcomes and company direction
- Professional development budget to earn industry certifications and attend training
- Comprehensive benefits: health, dental, and vision insurance; flexible schedule; paid time off; hybrid work arrangement
- Competitive compensation commensurate with experience
Pay: From $80,000.00 per year
Benefits:
- Dental insurance
- Flexible schedule
- Health insurance
- Paid time off
- Professional development assistance
- Vision insurance
Application Question(s):
- Do you live in MA, RI or NH? Yes or No. We do not pay for relocation.
Experience:
- Writing Security Policies: 2 years (Required)
- Security User Training: 2 years (Required)
- Duo: 2 years (Preferred)
- KnowBe4: 2 years (Preferred)
Ability to Commute:
- Boston, MA 02110 (Preferred)
Work Location: Hybrid remote in Boston, MA 02110