ION
Application Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About ION
ION Group is a global financial software and data firm based in London, founded in 1999 by CEO Andrea Pignataro. The company specializes in automation technologies for trading, execution, risk management, and middle/back office processes across various asset classes. ION serves a diverse clientele, including trading and brokerage firms, multinational corporations, governments, central banks, and financial institutions, focusing on enhancing decision-making and efficiency. The company has grown significantly through strategic acquisitions, including Allegro Development Corporation and Acuris. ION offers a wide range of solutions, such as trading and execution tools, real-time pricing and analytics, risk management systems, and treasury connectivity services. Their products support various industries, including healthcare, transportation, and e-commerce, and are designed to streamline operations and improve financial processes.
Security at ION
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- ION's AppSec philosophy centers on embedding security directly into the Secure SDLC and automating controls within CI/CD pipelines.
- The team prioritizes the creation of 'paved roads'—including reference architectures, secure templates, and approved libraries—to enable developers to build securely by default.
- Their approach is risk-based, defining remediation SLAs according to severity, exploitability, and asset criticality.
Security Team
- ION's Application Security is organized as a 'Product Security Team' situated within the ION Markets CISO function.
- The reporting hierarchy flows from technical security managers to a Global Head of IT Security, and ultimately to the Group Chief Information Security Officer (CISO).
- Paul Carpenito has served as the Group CISO since September 2024.
- As of March 2026, the company is actively recruiting for roles such as 'Markets Product Security Engineer' and 'Security Engineer - Detection Engineering & Automation'.
Key Initiatives
- Current AppSec initiatives at ION include scaling the Secure SDLC through CI/CD automation and the development of 'paved road' architectures.
- The team manages a vulnerability intake process that aggregates findings from automated tools, penetration tests, and a Vulnerability Disclosure Program (VDP)/bug bounty.
- Operational workflows include performing pragmatic threat modeling, design reviews, and hands-on code reviews for high-risk areas.
- They are also focused on supply chain security through SCA and SBOM management.