Markets Platform Security Engineer

Key Responsibilities

• Within the Platform Security Team as part of the ION Markets CISO function, you will deal with the following activities:
•  Monitor and identify security events and emerging threats associated with the platform and any dependencies;
• Act as the interface between CSIRT and Infrastructure/Platform teams as part of security incident activities;
• Deliver threat modelling and hunting to identify vulnerabilities in platform/infrastructure design and provide control recommendations to mitigate those risks;
• Engage in architecture and design reviews to ensure platform alignment with Security strategy and industry best practices;
• Stay up to date with industry trends, best practices and regulatory standards that may impact product implementations;
• Support the engineering of control solutions where existing offerings are not available;
• Provide security expertise during incident and problem management.
• Produce threat intelligence briefings and other work products to share information across the organisation
• Respond to ad-hoc requests for platform security related guidance 
• This role may require some overnight, weekend and on-call activities.

Required Skills, Qualifications and Experience

• Knowledge of:


• Working within the financial services industry, or other highly regulated industries in a technical role.
• Information security management, governance, and compliance principles, practices, laws, rules and regulations, e.g. NIST, ISO, NIS, DORA and GDPR;
• Information technology systems and processes, network infrastructure, data architecture, data processes and protocols;
• Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration, e.g. CIS, CSF;
 
• Skills in:


• Security Tooling: Proficiency in common security tools, such as SIEMs, vulnerability scanners, firewalls and EDR products;
• Scripting: Proficiency in scripting languages like Python, BASH, or PowerShell;
• Security Incident Management: Ability to assist with the detection, response, and recovery of escalated security incidents and manage backlog/lessons learned actions;
• Risk Assessment: Proficiency in conducting security risk assessments and providing thorough post-event analyses;
• Security Expertise: Providing security expertise during incident and problem management;
• Communication: Strong communication skills to explain complex security issues to both technical and non-technical audiences.
 
• Ability to:
 
• Effectively communicate technical issues to diverse audiences, both in writing and verbally;
• Handle sensitive and confidential matters, situations, and data;
• Understand and follow broad and complex instructions;
• Comprehend technical language and to confer, analyse and write in an objective, lucid manner;
• Work independently and prioritize multiple tasks and adapt to needed changes;
• Remain calm under high pressure/difficult situations.

Preferred Certifications:

• GCIH;
• CSEC;
• CSSLP;
• CISSP.
• CASP+