Full-Time

Application Security Engineer

Posted on 4/1/2026

ION Group

5,001-10,000 employees

Provides automated software platforms for trading

No salary listed

London, UK

In Person

Category
IT & Security (1)
Required Skills
  • Python
  • Threat modeling
  • Java
  • Docker
  • Vulnerability Analysis
  • Microservices
  • Go
  • Penetration testing
  • C/C++
  • OAuth
Requirements
  • 6+ years in Product Security / Application Security, with demonstrable engineering-facing delivery
  • Strong understanding of OWASP (Web + API risks) and modern attack paths (authz flaws, SSRF, injection, deserialization, business logic abuse, supply chain)
  • Hands-on experience integrating security into CI/CD (SAST/DAST/SCA/secrets), triaging findings, and enabling developer remediation
  • Comfortable reading/reviewing code in at least one backend language (e.g., Java, C++, Go, Python, Node.js) and common web stacks
  • Solid grasp of cloud-native delivery practices: microservices, containers, CI/CD, IaC fundamentals, observability, and logging
  • Strong communication skills: able to translate risk into clear engineering actions and influence outcomes
Responsibilities
  • Secure SDLC Ownership: Help to define lightweight, measurable SSDLC (requirements, design checks, guidance, release criteria); establish “paved roads” (reference architectures, secure templates, approved libs/patterns)
  • CI/CD Security Automation (Shift‑left): Own AppSec toolchain/pipelines (SAST, DAST, SCA, secrets, IaC/container); integrate risk‑based gating with clear developer feedback; tune rules, cut false positives, and standardize triage (tickets, auto‑routing, SLAs)
  • Code Review & Secure Engineering Support: Perform security code reviews for critical areas (authn/authz, sessions, crypto, data protection, input validation, business logic); provide remediation guidance, secure patterns, and concise code/design examples
  • API & Service Security: Lead API security (OAuth/OIDC, token handling, rate limiting, schema validation, anti‑abuse, secure errors, logging/monitoring); drive API testing (contracts + targeted DAST); partner on service‑to‑service security
  • Secure Design Reviews & Threat Modeling: Run pragmatic threat modelling/design reviews for new features and changes; produce actionable outputs (mitigations, backlog, acceptance criteria, test cases); maintain requirements for identity, sensitive data, and privacy‑by‑design
  • Supply Chain Security (SCA/SBOM): Manage dependency risk (triage, upgrade strategies, deprecations, guardrails); establish SBOM generation/use and provide evidence for assurance; assess third‑party components/SDKs and provenance/attestation risks
  • Vulnerability Lifecycle, SLAs & Metrics: Run intake/triage across tools, pen tests, VDP/bug bounty, and internal findings; define remediation SLAs by severity/exploitability and asset criticality, manage exceptions and verify fixes; report meaningful metrics (MTTD, MTTF, reopen rate, recurring classes, coverage, control effectiveness)
  • Hands‑on Testing (Targeted & Risk‑Based): Execute focused testing on high‑risk areas (web, APIs, mobile/auth flows) to validate exploitability; coordinate third‑party testing and ensure findings translate into prioritized engineering outcomes
Desired Qualifications
  • Threat modeling experience (STRIDE or similar) with real production outcomes
  • Fintech or regulated-environment experience in translating obligations into product controls (e.g., PCI, GDPR/DORA concepts)
  • Bug bounty/VDP experience (triage, validation, reporter comms process)
  • Certifications: OSWE/OSCP/GPEN/GXPN, cloud certifications, or secure software development certifications

ION Group delivers software platforms and APIs that automate trading, processing, and risk management for institutional clients in global financial markets. Its products connect to multiple trading venues and exchanges, enabling efficient, accurate transactions and streamlined operations. The company earns revenue from software licensing, subscriptions, and professional services, including customization and support. ION differentiates itself by expanding through acquisitions to stay agile and by offering integrated automation across trading, processing, and risk management, backed by a broad connectivity footprint. The goal is to help clients achieve greater efficiency and reduce operational risk in their financial workflows.

Company Size

5,001-10,000

Company Stage

Growth Equity (Venture Capital)

Total Funding

$438.5M

Headquarters

London, United Kingdom

Founded

1998

Simplify's Take

What believers are saying

  • EU Verification of Payee creates immediate compliance demand across European treasury clients.
  • NatGasHub integration deepens ION's position in North American commodity scheduling.
  • Event contracts open a new derivatives workflow category for FCMs and brokers.

What critics are saying

  • Stripe and Adyen can bundle Verification of Payee into existing payment workflows.
  • Event-contract platforms like Kalshi can outcompete XTP on speed and distribution.
  • Any material outage would trigger procurement bans and accelerated client defections.

What makes ION Group unique

  • ION sells mission-critical automation across trading, treasury, and risk workflows.
  • Its XTP launched event-contract clearing with Wedbush in under six weeks.
  • ION Treasury supports both on-premises and cloud deployments for regulated clients.

Benefits

Health, dental, and vision insurance

AD&D and disability insurance

Flexible spending account

Health savings account

Life insurance

Mental health care

401K plan

Performance bonus

Supplemental workers' compensation

Family medical leave & parental leave

PTO, paid holidays, sick days, bereavement leave, and volunteer time off

Commuter checks

Company social events

Employee assistance program

Free lunch

Mobile phone discount

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

0%

2 year growth

0%
ION Group
Oct 17th, 2025
ION wins Market Surveillance Solution of the Year at FOW Asia Pacific Awards 2025

LONDON - 17 October 2025: ION, a global leader in trading and workflow automation software, high-value analytics and insights, and strategic consulting to financial institutions, central banks, governments, and corporates, announces that LookOut has been named "Market Surveillance Solution of the Year" at the FOW Asia Pacific Awards 2025. The awards, hosted by Futures & Options World (FOW), recognize excellence and achievements in the Asian derivatives industry. LookOut is a global, multi-compliance solution for trade surveillance, record keeping, and regulatory reporting. The solution enables brokers, investment banks, asset managers, and trading venues to meet regulatory requirements across different asset classes. The product's broad coverage - including market manipulation, insider trading, best execution and trading obligation monitoring, market-making, and market integrity surveillance - earned it the top honors. LookOut features over 50 built-in detection algorithms and complies with global and regional trade surveillance regulations across EMEA, North America, and APAC. Over the past few years, ION has made strategic investments in artificial intelligence and machine learning, resulting in the development of a Machine Learning Toolkit (MLT). LookOut used the toolkit to build a Machine Learning for Alarm Classification (MLAC) module, streamlining alert triage and case management, and significantly reducing the time compliance teams spend on analysis. Mirko Marcadella, Head of Product for Risk & Market Surveillance Solutions in Markets, ION, said: "We are honored that our LookOut solution has been recognized as the Market Surveillance Solution of the Year. This award reflects our commitment to delivering best-in-class technology that empowers our clients, in Asia, as well as globally, to navigate complex regulatory challenges. Over the past few years, we've significantly expanded our investment in AI and machine learning. Combined with native integration across other ION solutions, these innovations have strengthened our market presence and helped our clients streamline surveillance operations, reduce response times, and improve overall efficiency."

The Herald-Advocate
Jul 7th, 2025
ION wins "Best Sell-Side OMS" at Capital Markets Technology Awards APAC 2025

LONDON, July 7, 2025 /PRNewswire/ - ION, a global leader in trading and workflow automation software, high-value analytics and insights, and strategic consulting to financial institutions, central banks, governments, and corporates, announces that its Fidessa platform has won "Best Sell-Side OMS" at Capital Markets Technology Awards APAC 2025.

PR Newswire
May 23rd, 2025
ION wins "Best algo trading solution" at WatersTechnology Asia Awards 2025

LONDON, May 23, 2025 /PRNewswire/ - ION, a global leader in trading and workflow automation software, high-value analytics and insights, and strategic consulting to financial institutions, central banks, governments, and corporates, announces that its Fidessa Algorithms has won "Best algo trading solution" at the WatersTechnology Asia Awards 2025.

PR Newswire
May 22nd, 2025
ION Commodities Named CTRM Software House of the Year at Energy Risk Awards 2025

LONDON, May 22, 2025 /PRNewswire/ -- ION Commodities, the leading global provider of energy and commodity trading and risk management (ETRM/CTRM) solutions, has been named CTRM Software House of the Year at the prestigious Energy Risk Awards 2025. Each year, Risk.net – the world's leading source of in-depth news and analysis – hosts the Energy Risk Awards to recognize excellence in the commodity markets. The awards distinguish companies across global commodity markets for their innovation and leadership. This recognition highlights ION Commodities' continued commitment to delivering innovative, scalable, and future-ready solutions that empower organizations to navigate an increasingly volatile and complex trading environment. It underscores ION's role as a trusted partner in driving digital transformation and operational resilience across global commodity markets. In recent years, ION has significantly invested in its CTRM portfolio, continuing to expand its functionality for traditional fossil fuel-based commodities while also advancing capabilities to support the energy transition. This dual focus enables businesses to navigate both long-term market shifts and near-term disruptions, while meeting growing regulatory and sustainability demands. With investments in AI, real-time analytics, cloud-native architecture, and integration across traditional and renewable fuels, biogas, carbon, and power markets, ION supports a diverse range of energy and commodity businesses in transforming and streamlining new and existing operations. Many companies have turned to ION to modernize their global trading operations, integrate renewables, and optimize supply chains. From SaaS solutions like Aspect to enterprise-scale C/ETRMs like Openlink, TriplePoint, RightAngle, and Allegro, ION's technology enables real-time risk mitigation, cross-market visibility, and long-term scalability. "This recognition underscores ION's role in supporting businesses navigating the complex realities of today's global commodity markets," said Sunil Biswas, Chief Executive Officer of ION Corporates

PR Newswire
May 16th, 2025
Creditflux Announces 2025 CLO Manager Awards Winners

The Creditflux awards are the only credit fund and CLO industry awards solely determined by data and metrics, showcasing the market's best performers. LONDON, May 16, 2025 /PRNewswire/ -- Creditflux, a Debtwire service and part of ION Analytics, and the leading source for CLO and credit trading news, data, and analysis globally, hosted its 17th annual CLO Manager Awards at the Nobu Hotel in London on 15 May 2025. The global collateralized loan obligation (CLO) community came together to recognize the best-performing CLOs, managers, and funds across the USD 1.4tn global CLO market. This year, over 90 CLO managers and CLO fund managers submitted performance data for the awards. The category winners were announced live during the Creditflux Manager Awards Dinner, attended by 350 guests

INACTIVE