Security Engineer

Job Description

What to expect:
 Provide security consultancy in area of threat and risk assessment throughout the system
lifecycle from implementation to maintenance.
 Perform security operational work including security configuration, setup of applications or
solutions to meet security requirements, patching, upgrading security patches
 Plan and participate in areas of security operations to ensure that processes meet defined
information security policies and standards, and evolving security threats.
 Perform vulnerability assessment using automated tools and recommend actionable follow up
to remediate the vulnerabilities and/or threats uncovered
 Lead and manage security assessments of system that include configuration review, vulnerability
scanning and penetration testing.
 Work with stakeholders in the team to remediate risks by proposing suitable mitigation
measures
 Develop and maintain security operations related playbooks and standard operating procedures
 Lead implementation of enterprise security infrastructures which includes Contractor
management, design validation and test acceptance.
 Perform maintenance on the enterprise security infrastructures that covers service and security
posture upkeep.
 Develop correlation rules in Security Information Event Management (SIEM) system to detect
anomalies or security threats through monitoring.
 Escalate security incident alert to respective system owner and assist in containment and
recovery from the security incident.
How to succeed:
 Experience in management, deployment and maintenance of zero trust security infrastructure
 Experience in end user device management, network security, secure design and incident
response.
 Experience in, information security office, security consultancy and security operation an
advantage
 Experience in effectively managing contractors and work in cross functional teams
 Up-to-date knowledge on the various security technologies
 Bachelor's degree computer science, information systems or related field.
 Security Certifications like CISA, GSEC, CISSP an advantage
 Experience in public sector technical writing and procurement processes an advantage
 Experience with DevSecOps methodology and toolsets
 Experience with Agile methodology and using common documentation, ticketing tools (e.g., Jira,
Confluence)
 Experience with vulnerability assessment and penetration testing in an enterprise setting
 Experience in using cloud security tools and configuration AWS and Azure
 Familiarity with well known security and compliance frameworks such as ISO 27001, NIST
Cybersecurity framework
 Familiarity with using container (e.g., Docker) and container orchestration (e.g., Kubernetes