Senior Security Architect

�

� Description

• • Shape the future of secure financial technology: As Senior Security Architect you will own the end-to-end security vision for ION’s multi-cloud trading and workflow automation platforms that support 40 % of the world’s largest companies, central banks and governments. Your blueprints will protect billions of euros in daily transaction flow and become the reference standard for the entire group.
• • Define and enforce cloud-first security policies: Draft, ratify and continuously evolve policies that embed secure-by-design principles into every stage of the SDLC. You will translate ISO 27001, PCI DSS, MIL-SPEC and emerging EU regulations into concrete guard-rails that development, DevOps and product teams can consume as code.
• • Automate everything security: Build and maintain pipelines that weave SCA, SAST, DAST, IAST and RASP into CI/CD, eliminating classes of vulnerabilities before they reach staging. You will author Terraform, CloudFormation or Pulumi modules that provision security services (KMS, GuardDuty, Security Hub, Azure Defender, GCP SCC) with drift detection and auto-remediation baked in.
• • Instrument measurable security outcomes: Design and track KPIs/KRIs that move the conversation from “we think we’re secure” to “we can prove 99.98 % patch compliance within 24 h”. Your dashboards will give executives real-time visibility into control effectiveness and red-team gap closure.
• • Lead post-mortem and threat-model rituals: Facilitate blameless incident reviews, translate root causes into architectural improvements, and update the enterprise threat model using STRIDE/LINDDUN. You will mentor squads to adopt threat-modeling-as-code so security decisions are versioned alongside user stories.
• • Champion a security culture: Create and deliver role-based training, brown-bags and Capture-the-Flag events that turn developers into your first line of defense. You will chair the monthly Cloud Security Guild, curate internal security newsletters and speak at external meet-ups to amplify ION’s security brand.
• • Architect zero-trust, micro-segmented landing zones: Design multi-account AWS Organizations, Azure Landing Zones or GCP Folders that enforce least privilege through policy-as-code (OPA, Kyverno), service-mesh mTLS and workload identity federation. Your patterns will support 10 000+ pods across Milan, Pisa, London and New York with sub-millisecond latency budgets.
• • Influence product road-maps: Partner with product owners to translate customer security requirements into differentiating features—such as immutable audit trails, confidential computing enclaves or quantum-resistant encryption—that close deals and renewals.
• • Stay ahead of the threat curve: Run continuous research sprints on emerging attack vectors (e.g., CI/CD poisoned pipelines, Kubernetes RBAC bypasses, AI model theft) and incubate proof-of-concepts that keep ION two steps ahead of adversaries and auditors alike.