IT Security Engineer

Brief Description
Key Responsibilities

• Security Strategy & Architecture

• Develop and refine security policies, procedures, and protocols.

• Collaborate with IT leadership to align security initiatives with business objectives.
• Evaluate and recommend new security technologies and solutions.

• Threat Assessment & Incident Response

• Conduct risk assessments and vulnerability scans, identifying and mitigating threats.

• Lead incident response efforts, including investigation, containment, and recovery.
• Provide post-incident analysis and recommendations to prevent future breaches.

• Security Operations & Monitoring

• Oversee day-to-day security operations, including intrusion detection/prevention systems (IDS/IPS).

• Implement and manage security tools such as SIEM, firewalls, endpoint protection, etc.
• Monitor system logs, network traffic, and event alerts for anomalous activity.

• Compliance & Governance

• Ensure adherence to industry regulations (e.g., GDPR, HIPAA, PCI-DSS) and internal policies.

• Develop and maintain security documentation, including standards, guidelines, and best practices.
• Partner with internal audit teams and external assessors to maintain compliance and remediate gaps.

• Security Awareness & Training

• Conduct training sessions and workshops to promote a security-conscious culture.

• Collaborate with HR and department heads to develop ongoing security awareness programs.

• Collaboration & Stakeholder Management

• Work closely with cross-functional teams (IT Operations, Development, Legal, etc.) to implement secure solutions.

• Coordinate with external vendors and partners to ensure secure integrations and service-level agreements.

• Hands-On Technical Expertise

• Participate in security configurations, deployments, and troubleshooting.

• Conduct penetration testing (or coordinate with external teams) to evaluate and strengthen defenses.
• Serve as an escalation point for complex security incidents and technical challenges.

• Continuous Improvement

• Stay updated on emerging threats, industry trends, and regulatory changes.

• Provide strategic recommendations to enhance security tools, processes, and policies.

Qualifications

• Education: Bachelor's degree in Computer Science, Information Security, or equivalent skills

• Experience: 5+ years in IT security roles, with demonstrable experience Technical Expertise:

• Familiarity with on-premises and cloud environments (e.g., AWS, Azure).

• Proficiency in security tools (firewalls, IDS/IPS, SIEM, endpoint security).
• Hands-on experience in threat analysis, incident response, and penetration testing.
• Certifications (preferred): CISSP, CISM, CEH, OSCP, or related.

• Soft Skills:

• Strong leadership and communication skills.

• Ability to explain complex security concepts to non-technical audiences.
• Excellent problem-solving, critical thinking, and analytical abilities.