Tradition is the interdealer broking arm of Compagnie Financière Tradition and one of the world's largest interdealer brokers in over-the-counter financial and commodity related products. CFT is represented in over 28 countries, employing over 2,500 people.
Tradition’s goal is to provide superior client services. It believes its business success is a direct reflection of its employees and recruits. As such, teamwork, creativity, reliability and integrity are components of a work ethic taken very seriously since the company was founded in 1959.
Tradition is currently seeking to appoint a Senior IT Security Engineer to be based in our Madrid office.
Main responsibilities within the Senior IT Security Engineer position include:
Support Information Security risk management, compliance activities, and governance initiatives.
Collaborate with stakeholders to identify, document, and mitigate security risks through effective controls.
Work with key software and service vendors to manage security products and solutions.
Lead and support security incident response, including investigation, containment, and remediation.
Deploy, manage, and continuously improve security tools, including vulnerability management, identity management, and attack surface monitoring.
Analyse emerging threats and vulnerabilities, leveraging threat intelligence to proactively mitigate risks
Perform proactive threat hunting, research, and analysis, delivering actionable intelligence to IT and security teams
Perform security assessments, audits, and penetration testing using industry-standard methodologies and tools.
Deliver security awareness training and phishing simulations to internal stakeholders.
Ensure compliance with company policies and applicable regulatory frameworks.
Undertake ongoing security training and certifications relevant to the role.
Key skills and experience required in this role:
5+ years of experience as a Security Engineer or a related technical role
Strong understanding of security principles, practices and standards and how they translate into real world technical solutions.
Significant experience in the field of Information Security including Governance, Risk management and Compliance frameworks, Security Awareness and Threat Intelligence.
Ability to effectively communicate complex security or intelligence related information to both technical and non-technical audiences.
Proven hands-on expertise in in a field such as Linux/Unix administration, enterprise networking or Microsoft technologies.
Familiarity with:
Encryption Concepts and Tools
Integrating Security Controls into DevOps/CI/CD Pipelines
Scripting and Automation
Email Security Practices
Vulnerability Management
Identity and Access Control Management
Security Tools: SIEM, IDS/IPS/WAF, Firewalls, and Endpoint Protection
Cloud Security Concepts
Relevant certifications (CISSP, CISM, CEH, OSCP, GIAC, GCIH, GCFA, or similar) preferred