Senior Platform Cyber Security Engineer

Your duties and responsibilities

• Support design and execution of the information security risk management framework 
• Work with Legal, Risk and IT to ensure compliance with NIS2, DORA and/or ISO27K where relevant. 
• Maintain and improve policies, standards and control documentation aligned to regulatory and client obligations. 
• Assist with internal and external audits, client due diligence and exception management. 
• Support product and engineering teams in adopting DevSecOps and secure design principles. 
• Act as point of escalation during major incidents or zero-day threats for the in-scope entity. 
• Lead and continuously improve our detection and response capabilities for the specific entity. 
• Serve as a senior incident responder, addressing emerging threats across the environment. 
• Collaborate with infrastructure, network, and cross-functional teams to contain, investigate, and remediate security incidents. 
• Conduct root cause analysis and participate in forensic investigations as needed. 
• Enhance system visibility by expanding logging coverage and implementing additional monitoring capabilities. 
• Maintain, update, and regularly test incident response runbooks, containment strategies, and escalation protocols. 
• Lead the end-to-end vulnerability management process for ION Markets systems, from identification to remediation. 
• Provide support for security architecture reviews of developed systems to ensure alignment with best practices. 
• This role may require some overnight, weekend and on-call activities.  

Your skills, experience, and qualifications

• Fluency in Italian and English, as the role requires regular interaction with internal stakeholders, regulatory bodies and clients in the Italian Market 
• Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include: 
• Security+, OSCP, CCSP, CEH, GCIH, GMON 
• 7+ years' experience in Information Security with proven experience in operations & compliance roles. 
• Must have fundamental programming/scripting capabilities (e.g. python, PowerShell, bash, etc.) 
• Familiarity with NIS2 / DORA and external regulations. 
• Strong understanding of ISO27K 
• A team player with the ability to work independently and unsupervised  
• Ability to own delegated tasks and see them through to completion 
• Ability to manage time and prioritize work to maximize productivity 
• Excellent communication skills (both written and verbal) 
• Exceptional attention to detail and quality 
• Excellent problem-solving techniques and trouble analysis skills 
• Endpoint security concepts, controls, and best practices for Servers (e.g. Windows and Linux)  
• General IT networking concepts, protocols, standards and network security concepts, controls, and best practices 
• Cryptography fundamentals and data security controls and best practices 
• Forensic investigation techniques 
• Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, vulnerability management, MDM, etc.