Information Security Engineer

We are looking for a Security Engineer to join our cybersecurity team and enhance our security posture. The Security Engineer will be responsible for implementing, configuring, and maintaining security solutions, as well as providing technical security guidance to various departments within the Group. The ideal candidate will have experience securing internal products, third-party applications, cloud environments, virtualization stacks, and containerized workloads. Additionally, they should be skilled in conducting security assessments, reviewing code for vulnerabilities, educating teams on security best practices, and effectively communicating security risks to both technical and non-technical stakeholders.

Responsibilities

• Assist infrastructure teams in deploying, configuring, and maintaining security solutions such as SIEM, EDR/AV, DLP, IDS/IPS, WAF, IAM, and cloud security tools.
• Ensure seamless integration of security tools across the company and assess third-party integrations and vendor solutions for security risks.
• Tune and optimize security monitoring solutions to reduce false positives and enhance detection capabilities.
• Act as a security advisor for developers, DevOps, IT, business teams, and other stakeholders, ensuring security best practices are integrated into their workflows.
• Conduct security code reviews for internal applications and third-party solutions.
• Perform security assessments on virtualization environments, containers, cloud platforms, APIs, and network architectures.
• Identify and mitigate vulnerabilities related to OWASP Top 10, misconfigurations, insecure integrations, and emerging threats.
• Work closely with engineering teams to remediate identified security risks efficiently.
• Assist in developing and delivering security awareness training for employees.
• Train development and infrastructure teams on secure coding practices, security automation, and vulnerability mitigation techniques.
• Stay up to date with current threats, vulnerabilities, and attack techniques.
• Help the company improve its security posture and ensure compliance with industry standards (ISO 27001).
• Clearly communicate technical security findings to non-technical stakeholders, leadership, or regulatory bodies.
• Document PoCs (Proof of Concepts) and security tests effectively.