Security Engineer

IT Security Officer with at least 3 years of experience in developing, implementing, and maintaining comprehensive information security programmes for enterprise environments. The candidate should possess in-depth knowledge and hands-on experience in the following core areas:

(Must Have)

• Information Security Governance (Core): (A)
• Knowledge of information security policies, standards, and procedures
• Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR, HIPAA)
• Conducting regular risk assessments and managing the organisation's risk register
• Threat Detection and Response (Core): (D)
• Managing Security Information and Event Management (SIEM) systems
• Experience with Endpoint Detection and Response (EDR) solutions
• Developing and maintaining incident response plans and procedures
• Vulnerability Management (Core) (E)
• Conducting regular vulnerability assessments and penetration testing
• Managing the patch management process across the organization
• Experience with vulnerability scanning tools and remediation strategies
• Compliance and Auditing (Core): (H)
• Ensuring compliance with relevant industry standards and regulations
• Conducting internal security audits and supporting external audits
• Preparing and maintaining security-related documentation for compliance purposes

(Good to Have)

• Security Architecture: (B)
• Knowledge of zero-trust security models and microsegmentation
• Knowledge of secure cloud architectures and cloud security best practices
• Security Architecture: (C)
• Managing IAM solutions
• Experience with multi-factor authentication (MFA) and single sign-on (SSO) technologies
• Proficient in privileged access management (PAM) strategies
• Data Protection (Core): (F)
• Knowledge of data loss prevention (DLP) strategies
• Experience with encryption technologies for data at rest and in transit
• Knowledge of data classification and handling procedures
• Security Awareness and Training: (G)
• Developing and delivering security awareness training programmes
• Creating and maintaining security documentation and guidelines for end-users
• Promoting a culture of security within the organization
• Third-Party Risk Management (I):
• Assessing and managing security risks associated with vendors and third-party service provider
• Developing and enforcing security requirements for third-party contracts
• Cloud Security (Core): (J)
• Understanding of cloud security principles and best practices
• Experience securing multi-cloud and hybrid cloud environments
• Knowledge of cloud access security brokers (CASB) and cloud security posture management (CSPM)- Application Security (Core): (K)
• Familiarity with secure software development lifecycle (SDLC) practices
• Experience with application security testing tools and methodologiesKnowledge of web application firewalls (WAF) and runtime application self-protection (RASP)
• Operational Technology (OT) Security: (L)
• Understanding of OT security principles and challengesExperience securing industrial control systems (ICS) and SCADA environments
• Emerging Technologies: (M)
• Keeping abreast of emerging security technologies and threats
• Evaluating and recommending new security solutions as needed