IT Security Engineer

• Develop and oversee key performance indicators (KPIs) for security.
• Oversee service level agreements (SLAs) for security operations and create risk-based dashboards for reporting.
• Create and implement a comprehensive vulnerability management program, including managing activities related to vulnerability assessment (VA) and penetration testing (PT).
• Develop and implement security programs for network, server, and cloud environments, including onboarding processes and pre- and post-scanning activities.
• Conduct periodic configuration reviews based on CIS benchmarks.
• Manage the application security program by identifying and mitigating risks in collaboration with business application teams.
• Collaborate in managing the endpoint security, network security, and server security programs.
• Collaborate in managing the overall security operations management program.

Requirements

• At least 3-5 years of documented work experience in security engineering.
• Prior practical knowledge of web, mobile, and cloud security.
• Hands-on experience in constructing and maintaining security measures such as firewalls, intrusion detection systems, antivirus software, authentication systems, content filtering, etc.
• Thorough understanding of IT infrastructure concepts across all layers, including Servers, Networks, End User Computing, and Cloud.
• Experience in designing and implementing risk-based information security programs.
• Hands-on experience in implementing standards such as ISO 27001, NIST, CIS, or equivalent.
• Hands-on experience in designing, implementing, and managing Data Leak Prevention programs.
• Hands-on experience in conducting application security assessments, both manual and tool-based.
• Gained solid understanding of OWASP, CIS, and NIST guidelines for application security.
• Experience in utilizing anti-malware solutions.
• Experience in designing security programs for cloud services, including IAAS, PAAS, and SAAS.
• Hands-on experience with native cloud security capabilities.
• Experience in implementing cloud security solutions like CASB.
• Excellent communication and presentation skills.
• Experience in collaborating with mid-level and senior-level management, with the ability to understand business processes and requirements.
• Understanding and effectively communicating security risks to core technology teams and business functions.
• Preferred certifications: CISSP, CCSP, CISM, ISO 270001 LI/LA.