Security Engineer

About The Position

Requirements

• 5 - 8 years Application and/or Infrastructure security experience
• ISO experience or certification
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• AZ-500 (Microsoft Certified: Azure Security Engineer Associate)
• CySA+ (CompTIA Cybersecurity Analyst+)
• CEH (Certified Ethical Hacker)

Responsibilities

• Oversee the operational use and effectiveness of application security tools, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA).
• Collaborate with development and DevOps teams to integrate security testing into the CI/CD pipeline and ensure vulnerabilities identified by these tools are triaged and remediated effectively.
• Provide guidance on interpreting scan results and prioritizing remediation efforts for application-level vulnerabilities.
• Handling container security, ensuring base images are updated
• In-depth knowledge and hands-on experience with Microsoft Azure security services, specifically Microsoft Defender for Cloud, Entra ID and Azure Sentinel (SIEM/SOAR)
• Proficiency in assessing and hardening Azure environments, including IaaS, PaaS, and network security configurations.
• Defining and enforcing policies for Terraform, ARM templates, or Bicep.
• Proactively manage and conduct regular vulnerability assessments and remediation efforts for our infrastructure using Microsoft Defender for Cloud
• Ensure continuous security posture management for cloud and hybrid environments, identifying misconfigurations and security weaknesses.
• Work with relevant teams to prioritize and implement recommended security controls and patches identified through Defender for Cloud.
• Work with Security team on other technical security related issues.
• Maintain security tools and software
• Consult with developers on application security
• Manage security ticketing system