Markets Product Security Engineer

The Role: This is an amazing opportunity to work with Markets Information Security Team at ION. As a Product Security Engineer, you would be the key enabler of secure and compliant products. This role reports to the Product Security Lead and partners closely with engineering and product teams to increase the overall product security posture. You will own and scale product/application security by embedding security into the Secure SDLC, automating controls in CI/CD, and driving measurable risk reduction. The role is hands-on: you will perform security-focused code review and targeted testing, strengthen API security, implement supply chain security (SCA/SBOM) practices, and run an efficient vulnerability lifecycle with clear SLAs and metrics. Key Responsibilities: Within the Product Security Team as part of the ION Markets CISO function, you will deal with the following activities: Monitor and identify security events and emerging threats associated with the product line you are managing and any dependencies; Act as the interface between CSIRT and Product teams as part of security incident activities; Deliver threat modelling and hunting to identify vulnerabilities in product design and provide control recommendations to mitigate those risks; Engage in architecture and design reviews to ensure product alignment with Security strategy and industry best practices; Stay up to date with industry trends, best practices and regulatory standards that may impact product implementations; Support the engineering of control solutions where existing offerings are not available; Provide security expertise during incident and problem management. Produce threat intelligence briefings and other work products to share information across the organisation Respond to ad-hoc requests for platform security related guidance This role may require some overnight, weekend and on-call activities. Required Skills, Qualifications and Experience: Knowledge of:   Working within the financial services industry, or other highly regulated industries in a technical role. Information security management, governance, and compliance principles, practices, laws, rules and regulations, e.g. NIST, ISO, NIS, DORA and GDPR; Information technology systems and processes, network infrastructure, data architecture, data processes and protocols; Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration, e.g. CIS, CSF; Skills in:   Security Tooling: Proficiency in common security tools, such as SIEMs, vulnerability scanners, firewalls and EDR products; Scripting: Proficiency in scripting languages like Python, BASH, or PowerShell; Security Incident Management: Ability to assist with the detection, response, and recovery of escalated security incidents and manage backlog/lessons learned actions; Risk Assessment: Proficiency in conducting security risk assessments and providing thorough post-event analyses; Security Expertise: Providing security expertise during incident and problem management; Communication: Strong communication skills to explain complex security issues to both technical and non-technical audiences.   Ability to: Effectively communicate technical issues to diverse audiences, both in writing and verbally; Handle sensitive and confidential matters, situations, and data; Understand and follow broad and complex instructions; Comprehend technical language and to confer, analyse and write in an objective, lucid manner; Work independently and prioritize multiple tasks and adapt to needed changes; Remain calm under high pressure/difficult situations. Preferred Certifications: GCIH; CSEC; CSSLP; CISSP. CASP+