InfoSec Engineer

Expected Qualifications that impact our decision

Enterprise Security Architecture Understanding & Experience - a comprehensive framework that outlines the structure, policies, and procedures for securing an organization's information systems. It ensures that the security measures align with business objectives and regulatory requirements. A robust ESA provides a layered defense strategy, minimizing vulnerabilities and mitigating risks.

InfoSec Key activities understanding & experience

- Risk Assessment: Identifying, evaluating, and prioritizing risks to the organization's information assets.

- Policy Development: Creating comprehensive security policies and procedures that align with regulatory requirements and best practices.

- Access Control: Implementing measures to ensure that only authorized individuals can access sensitive information.

- Incident Response: Developing and executing plans to handle security breaches effectively, minimizing damage and ensuring quick recovery.

- Security Awareness Training: Educating employees on security best practices, potential threats, and how to respond to security incidents.

- Monitoring and Auditing: Continuously monitoring systems for suspicious activity and conducting regular audits to ensure compliance with security policies.

Security Technology Experience

- Microsoft Sentinel

- Microsoft Defender

- Crowds Strike

- Palo Alto Networks

- Cisco Firepower / ASA

- Cisco Umbrella

- CATO

Zero Trust and SASE: Understanding and Experience

- Implementing multi-factor authentication (MFA) for all users and devices.

- Micro-segmentation to isolate sensitive data and applications.

- Continuous monitoring and analysis of user activities and behaviors.

- Least privilege access to minimize potential attack vectors.

- Integrating security services such as secure web gateways (SWG), cloud access security brokers (CASB), and zero trust network access (ZTNA).

- Implementing software-defined WAN (SD-WAN) for optimized and secure connectivity.

- Deploying and managing SASE solutions to provide seamless and secure access to cloud and on-premises resources.

- Utilizing SASE to enhance network visibility and control, ensuring compliance with security policies.