As a Senior Security Engineer, reporting to the Head of Information Security, you will be responsible for designing, implementing, and maintaining secure systems and networks. You will work closely with cross-functional teams within the Technology department to ensure that systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access and other security risks. You will be responsible for identifying vulnerabilities and potential threats, conducting risk assessments, and developing and implementing security solutions to mitigate risks. You will also be involved in incident response, security monitoring, and security policy development. Key Responsibilities:
· Design, implement, and maintain secure systems and networks, including servers, routers, switches, firewalls, intrusion detection/prevention systems, and other security devices.
· Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
· Develop and implement security measures, policies, and procedures to protect systems and networks against unauthorized access, data breaches, and other security incidents.
· Monitor and analyze security logs and events, and respond to security incidents in a timely manner.
· Conduct security audits and assessments to ensure compliance with applicable regulations, industry best practices, and organizational security policies.
· Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
· Provide technical expertise and guidance to IT and network engineering teams to ensure that security controls are effectively implemented and maintained.
· Stay updated on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
· Participate in incident response activities, including investigation, containment, recovery efforts, and on-call support as needed.
· Provide training and awareness programs to educate employees and users about security best practices and procedures. Qualifications:
· Bachelor’s degree in Computer Science, Information Technology, or related field.
· Relevant professional certifications, such as CISSP, CISM, CEH, or other security certifications.
· Minimum of 8-10 years of experience in system security engineering, network security, application security, cloud security or a related field.
· Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and Cloud Security Alliance, CIS Critical Security Controls.
· Hands-on experience with security technologies, such as firewalls (e.g. Palo Alto, Cisco), IDS/IPS, SIEM (e.g., Sumo Logic, FortiSIEM, Splunk), EDR (e.g., Crowdstrike), CASB, IAM, and vulnerability scanning tools.
· Experience with risk assessment, penetration testing, and incident response methodologies.
· Strong understanding of networking concepts and protocols, such as TCP/IP, VLANs, VPNs, and routing/switching.
· Familiarity with security-related regulations, such as GDPR, HIPAA, and PCI-DSS.
· Excellent analytical, problem-solving, and troubleshooting skills.
· Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
