ION is hiring a
Senior Security Architect

Summary

The role is for a Security Architect responsible for establishing secure development policies, enabling security automation, maintaining strong team engagement, creating a secure cloud architecture, running post-mortem incidents analysis, and providing training. The company provides trading and workflow automation solutions to corporations, financial institutions, central banks, and governments.

Requirements

• Threat Modeling
• Authentication/authorization standards and implementations
• Application of encryption at rest and in transit
• Certificates/secrets standards and implementations
• Managing security in public clouds ( AWS, Azure, GCP), with at least 3 years specific experience in either AWS or Azure
• Secure microservices architectures in a cloud-native environment
• Strong understanding of networking
• Knowledge of different deployment models (Container, Serverless, Cloud, PaaS, IaaS …)
• Ability to work with diverse, remote, and distributed teams across multiple regions and time zones
• Ability to do research autonomously to always be ahead of any security threat
• SSDLC practices in DevOps, CI/CD environment
• OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc
• Penetration testing, vulnerability scanning
• Design security monitoring tools
• Designing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions

Responsibilities

• Establish policies and procedures that promote secure development/cloud principles
• Enable security automation through tools to reduce vulnerabilities and flaws due to human errors
• Automate audit evidence collection throughout the SDLC to facilitate compliance reporting
• Monitor security metrics to continuously improve and stay one step ahead of the red team
• Maintain strong and continuous engagement with teams to ensure the ION Cloud architecture and operating model is up to the top security standards
• Create a state-of-the-art secure cloud architecture and strategy, supported by a robust and flexible infrastructure with reliable and efficient operating model
• Run post-mortem incidents analysis
• Review the security principles compliancy of deployment, maintenance, monitoring, and management processes
• Cooperate with the software architect to ensure that security aspects are considered in the software architecture
• Regularly evaluate the best cloud applications, hardware, and practices available in the security domain
• Provide training and guidance to the rest of the organization, helping with the development of a security culture throughout the company
• Help the product owner in refining security requirements so that they fit in the customer’s strategy and become selling points