Security Engineer II
Full Job Description
We need a meticulous Security Engineer. Is it you?
The Security Engineer will be responsible for ensuring that Company’s cloud infrastructure and platforms are constantly effective, secure, and constructed to resist unanticipated situations. You will create a security architecture and implement cloud security/cybersecurity best practises for Corporate products/platforms/services. You will contribute to the proactive enhancement of security standards.
- Implement, setup, test, and manage cloud security and cyber security technologies and services throughout the company.
- Compliance, vulnerability management, patching procedures, and preventive security measures/services/tools are all owned.
- Promote cloud security and cyber security standards, best practises, and mentality.
- Assist the team by documenting security policies, procedures, and runbooks Develop secure engineering processes.
- Review the information security threat/event dashboard and security scanning tool output (threat intelligence, etc.) to identify how to scale mitigation. Resolve issues with information security leaders.
- Create a software to fix vulnerabilities found during our security testing methods.
- Create and manage automation to increase the efficiency of the vulnerability management programme from identification through remediation and mitigation.
- Work with teams to triage problems and give CVSS risk ratings.
- Monitor third-party programme release cycles for security upgrades or bug fixes that impact the business ecosystem.
- Evaluate new solutions and design supporting parts to safely integrate new technology.
- Tracking and identifying security concerns, misconfigurations, threats, vulnerabilities, possibly unusual flows and interactions, etc.
- Use a log ingestion platform to identify attacker strategies, approaches, and trends.
- Play a critical part in security incident response. Any security issue must be reported promptly. Give IT support employees Tier-3 assistance. Provide on-call help as required.
- Every day brings new challenges and collaboration with other technical teams.
- Other tasks as given.
What we expect from you:
- Bachelor’s/degree Master’s in computer science or equivalent subject.
- 2–4 years in cloud security or similar fields.
- Working understanding of and expertise with significant security control/assessment frameworks such as CSF, ISO 2700x series, or CIS/SANS TOP20.
- AWS Compute, Storage, Networking and Security services hands-on experience
- Proxies, SIEM, DLP, WAF, IDS/IPS, VAPT and EDR.
- Networks, systems, firewalls, and clouds
- Expertise in Data Security.
- It’s a bonus if you’ve used Amazon Web Services (AWS) services like CloudFront and AWS Control Tower.
- Enjoys security work and has extensive knowledge in the field.
- Common security risks and exploitation techniques. You can harden servers, patch security gaps, and install firewalls.
- Understanding of Web, App, Data, Data Center, Distributed System, and Cloud Computing.
- Working knowledge in installing, configuring and troubleshooting UNIX/Linux systems.
- Automation software experience (SaltStack, Ansible, CloudFormation, etc).
- Scripting prowess (e.g., Shell scripts, Python).
- familiarity with web app security OWASP (SQL Injection, XSS, CSRF, RCE, IDOR etc.)
- Problem, incident, and disaster management knowledge.
- Excellent analytical and decision-making abilities.
- good communicator (written, verbal, and face-to-face).
- Professional qualifications (SSCP, CISSP) will be an advantage.
- Willingness to sign a confidentiality agreement.
Be who you are at work
It is our goal to be the catalyst for change that inspires us to take action in the workplace. Work should be a place where your true self can be fully expressed. We’re working hard on making that happen for you.
If you are interested in this opportunity, send an email to firstname.lastname@example.org.