Senior Platform Security Engineer
Pisa
ION Group
ION financial software improves decision making, simplifies complicated processes and empowers you by providing the right tools.Your duties and responsibilities
- Support design and execution of the information security risk management framework
- Work with Legal, Risk and IT to ensure compliance with NIS2, DORA and/or ISO27K where relevant.
- Maintain and improve policies, standards and control documentation aligned to regulatory and client obligations.
- Assist with internal and external audits, client due diligence and exception management.
- Support product and engineering teams in adopting DevSecOps and secure design principles.
- Act as point of escalation during major incidents or zero-day threats for the in-scope entity.
- Lead and continuously improve our detection and response capabilities for the specific entity.
- Serve as a senior incident responder, addressing emerging threats across the environment.
- Collaborate with infrastructure, network, and cross-functional teams to contain, investigate, and remediate security incidents.
- Conduct root cause analysis and participate in forensic investigations as needed.
- Enhance system visibility by expanding logging coverage and implementing additional monitoring capabilities.
- Maintain, update, and regularly test incident response runbooks, containment strategies, and escalation protocols.
- Lead the end-to-end vulnerability management process for ION Markets systems, from identification to remediation.
- Provide support for security architecture reviews of developed systems to ensure alignment with best practices.
- This role may require some overnight, weekend and on-call activities.
Your skills, experience, and qualifications
- Fluency in Italian and English, as the role requires regular interaction with internal stakeholders, regulatory bodies and clients in the Italian Market
- Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include:
- Security+, OSCP, CCSP, CEH, GCIH, GMON
- 7+ years' experience in Information Security with proven experience in operations & compliance roles.
- Must have fundamental programming/scripting capabilities (e.g. python, PowerShell, bash, etc.)
- Familiarity with NIS2 / DORA and external regulations.
- Strong understanding of ISO27K
- A team player with the ability to work independently and unsupervised
- Ability to own delegated tasks and see them through to completion
- Ability to manage time and prioritize work to maximize productivity
- Excellent communication skills (both written and verbal)
- Exceptional attention to detail and quality
- Excellent problem-solving techniques and trouble analysis skills
- Endpoint security concepts, controls, and best practices for Servers (e.g. Windows and Linux)
- General IT networking concepts, protocols, standards and network security concepts, controls, and best practices
- Cryptography fundamentals and data security controls and best practices
- Forensic investigation techniques
- Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, vulnerability management, MDM, etc.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits Automation Banking Bash CASB CCSP CEH Compliance Cryptography DevSecOps EDR Endpoint security Firewalls GCIH Governance IAM IDS Incident response IPS ISO 27000 Linux Monitoring Network security NIS2 OSCP PowerShell Product security Python Risk management RMF Scripting Security strategy SIEM Strategy Vulnerability management Windows Zero-day
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.