IT Security Engineer

About Tradition

Tradition is the interdealer broking arm of Compagnie Financière Tradition and one of the world's largest interdealer brokers in over-the-counter financial and commodity related products. CFT is represented in over 28 countries, employing over 2,500 people. Tradition’s goal is to provide superior client services. It believes its business success is a direct reflection of its employees and recruits. As such, teamwork, creativity, reliability and integrity are components of a work ethic taken very seriously since the company was founded in 1959.

Tradition is currently seeking to appoint an IT Security Engineer to be based in our London office.

Main Responsibilities of an IT Security Engineer

• Support Information Security risk management, compliance activities, and governance initiatives.
• Collaborate with stakeholders to identify, document, and mitigate security risks through effective controls.
• Work with key software and service vendors to manage security products and solutions.
• Lead and support security incident response, including investigation, containment, and remediation.
• Deploy, manage, and continuously improve security tools, including vulnerability management, identity management, and attack surface monitoring.
• Analyse emerging threats and vulnerabilities, leveraging threat intelligence to proactively mitigate risks.
• Perform proactive threat hunting, research, and analysis, delivering actionable intelligence to IT and security teams.
• Perform security assessments, audits, and penetration testing using industry-standard methodologies and tools.
• Deliver security awareness training and phishing simulations to internal stakeholders.
• Ensure compliance with company policies and applicable regulatory frameworks.
• Undertake ongoing security training and certifications relevant to the role.

Key Skills/Experience Required

• Strong experience as a Security Engineer or a related technical role.
• Strong understanding of security principles, practices and standards and how they translate into real world technical solutions.
• Significant experience in the field of Information Security including Governance, Risk management and Compliance frameworks, Security Awareness and Threat Intelligence.
• Ability to effectively communicate complex security or intelligence related information to both technical and non-technical audiences.
• Proven hands-on expertise in a field such as Linux/Unix administration, enterprise networking or Microsoft technologies.
• Familiarity with: Encryption Concepts and Tools, Integrating Security Controls into DevOps/CI/CD Pipelines, Scripting and Automation, Email Security Practices, Vulnerability Management, Identity and Access Control Management, Security Tools: SIEM, IDS/IPS/WAF, Firewalls, and Endpoint Protection, Cloud Security Concepts.
• Relevant certifications (CISSP, CISM, CEH, OSCP, GIAC, GCIH, GCFA, or similar) preferred.

Key skills/competency

• Information Security
• Risk Management
• Compliance Frameworks
• Incident Response
• Vulnerability Management
• Threat Intelligence
• Security Assessments
• Penetration Testing
• Security Tools (SIEM, IDS/IPS/WAF)
• Cloud Security