Senior Platform Security Engineer

About us: We’re a diverse group of visionary innovators who provide trading and workflow automation software, high-value analytics, and strategic consulting to corporations, central banks, financial institutions, and governments. Founded in 1999, we’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world. Over 2,000 of the world’s leading corporations, including 50% of the Fortune 500 and 30% of the world’s central banks, trust ION solutions to manage their cash, in-house banking, commodity supply chain, trading, and risk. Over 800 of the world’s leading banks and broker dealers use our electronic trading platforms to operate the world’s financial market infrastructure. ION is a rapidly expanding and dynamic group with 13,000 employees and offices in more than 40 cities around the globe,  Our ever-expanding global footprint, cutting-edge products, and over 40,000 customers worldwide provide an unparalleled career experience for those who share our vision. Learn more at iongroup.com.   Role Overview: ION Markets Information Security Team is looking to hire a Senior Platform Security Engineer that support the division’s security strategy through definition and implementation of security controls across our platforms, infrastructure, and operational workflows. As the Senior Platform Security Engineer, you will play a key role in safeguarding our systems,clients and Intellectual Property. You’ll sit at the intersection of security operations, governance risk, and product security, helping to design, operate, and improve a robust security posture for our services.  You will be serving as both a hands-on technical leader and operational responder, working closely with Product, infrastructure and Security Operations teams. We are looking for a hard-working, dedicated and motivated individual. Excellent communication skills are a must, and the role holder will be expected to cultivate working relationships with other teams and colleagues of varying technical ability. The role would suit a technically strong candidate looking to drive forward career progression within a dedicated security team. Ideally the candidate will have come from related security and architecture roles, focusing on security operations and product development.

 

Your duties and responsibilities

• Support design and execution of the information security risk management framework 
• Work with Legal, Risk and IT to ensure compliance with NIS2, DORA and/or ISO27K where relevant. 
• Maintain and improve policies, standards and control documentation aligned to regulatory and client obligations. 
• Assist with internal and external audits, client due diligence and exception management. 
• Support product and engineering teams in adopting DevSecOps and secure design principles. 
• Act as point of escalation during major incidents or zero-day threats for the in-scope entity. 
• Lead and continuously improve our detection and response capabilities for the specific entity. 
• Serve as a senior incident responder, addressing emerging threats across the environment. 
• Collaborate with infrastructure, network, and cross-functional teams to contain, investigate, and remediate security incidents. 
• Conduct root cause analysis and participate in forensic investigations as needed. 
• Enhance system visibility by expanding logging coverage and implementing additional monitoring capabilities. 
• Maintain, update, and regularly test incident response runbooks, containment strategies, and escalation protocols. 
• Lead the end-to-end vulnerability management process for ION Markets systems, from identification to remediation. 
• Provide support for security architecture reviews of developed systems to ensure alignment with best practices. 
• This role may require some overnight, weekend and on-call activities.  

Your skills, experience, and qualifications

• Fluency in Italian and English, as the role requires regular interaction with internal stakeholders, regulatory bodies and clients in the Italian Market 
• Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include: 
• Security+, OSCP, CCSP, CEH, GCIH, GMON 
• 7+ years' experience in Information Security with proven experience in operations & compliance roles. 
• Must have fundamental programming/scripting capabilities (e.g. python, PowerShell, bash, etc.) 
• Familiarity with NIS2 / DORA and external regulations. 
• Strong understanding of ISO27K 
• A team player with the ability to work independently and unsupervised  
• Ability to own delegated tasks and see them through to completion 
• Ability to manage time and prioritize work to maximize productivity 
• Excellent communication skills (both written and verbal) 
• Exceptional attention to detail and quality 
• Excellent problem-solving techniques and trouble analysis skills 
• Endpoint security concepts, controls, and best practices for Servers (e.g. Windows and Linux)  
• General IT networking concepts, protocols, standards and network security concepts, controls, and best practices 
• Cryptography fundamentals and data security controls and best practices 
• Forensic investigation techniques 
• Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, vulnerability management, MDM, etc.