About us
We’re visionary innovators providing trading and workflow automation solutions, high-value analytics, and strategic consulting to corporations, financial institutions, central banks, and governments. Over 40% of the world’s largest companies use our solutions. We have achieved significant growth by integrating some of the best financial technology companies globally.
At ION, we offer careers full of opportunities: to invent, design, collaborate, build, and transform businesses while empowering people worldwide to do more, faster, and better. Discover what you can achieve here.
Learn more at iongroup.com.
Your role
Your duties and responsibilities
* Establish policies and procedures that promote secure development and cloud principles.
* Enable security automation using tools to reduce vulnerabilities and human errors.
* Automate audit evidence collection throughout the SDLC to facilitate compliance reporting.
* Monitor security metrics to improve continuously and stay ahead of threats.
* Maintain engagement with teams to ensure the ION Cloud architecture and operations meet top security standards.
* Create a secure cloud architecture and strategy supported by robust infrastructure and an efficient operating model.
* Conduct post-mortem incident analyses.
* Review security compliance of deployment, maintenance, monitoring, and management processes.
* Collaborate with software architects to incorporate security in software design.
* Evaluate the latest cloud applications, hardware, and security practices regularly.
* Provide training and guidance to foster a security-aware culture across the organization.
* Assist product owners in refining security requirements aligned with customer strategies and selling points.
Other duties may be assigned as your role expands.
Your skills, experience, and qualifications
Skills
* Threat modeling expertise.
* Standards and implementations for authentication and authorization.
* Application of encryption at rest and in transit.
* Standards and implementations for certificates and secrets.
* Experience managing security in public clouds (AWS, Azure, GCP), with at least 3 years in either AWS or Azure.
* Designing secure microservices architectures in a cloud-native environment.
* Strong networking knowledge.
* Understanding of different deployment models (Container, Serverless, Cloud, PaaS, IaaS).
* Ability to work remotely with diverse, distributed teams across regions and time zones.
* Autonomous research skills to stay ahead of security threats.
* SSDLC practices within DevOps and CI/CD environments.
* Knowledge of OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc.
* Experience with penetration testing and vulnerability scanning.
* Designing security monitoring tools.
* Developing pipelines utilizing SCA, SAST, DAST, IAST, and RASP solutions.
Qualifications
* SANS / SEC-540: Cloud Security and DevSecOps Automation.
* Systems Security Certified Practitioner (SSCP).
* Certified Information Systems Security Professional (CISSP).
* Certified Authorization Professional (CAP).
* Certified Secure Software Lifecycle Professional (CSSLP).
* HealthCare Information Security and Privacy Practitioner (HCISPP).
Experience
* Multiple years of experience in Threat Modeling.
* Proven track record as an architect and consultant, working directly with delivery teams.
* Experience with Kubernetes, OpenShift, Service Mesh.
* Experience with cloud platforms (AWS, Azure, GCP).
* Experience with achieving or maintaining standards like ISO 27001, PCI DSS, MIL-SPEC.
Contract Type
* Full-time, permanent contract.
Important notes (Italy)
In accordance with Italian Law (L.68 / 99), priority will be given to candidates from the disability list.
Due to high application volume, only candidates meeting the criteria will be contacted.
Non-EU candidates must have a valid EU visa or work permit.