Senior Information Security Engineer

About The Position

Requirements

• In-depth understanding of Microsoft operating systems and its security (server and workstation).
• Understanding of authentication Ad and AAD.
• Understanding of authentication methods.
• Understanding of networking.
• Understanding of email security.
• Understanding of DevSecOps.
• Proficiency in scripting/PowerShell.
• Knowledge of IT security concepts and tools.
• Good documentation skills.
• Good communication skills.
• Ability to operate with minimal supervision.
• Responsible managing projects.
• Willingness to be a role model and team leader.
• Experience in networking.
• Experience in systems.
• Experience in Azure architecture and security.
• Experience in DevSecOps.
• Experience in scripting/PowerShell.
• Experience in SQL.
• Experience with IDS/IPS.
• Knowledge of MFA architectures.
• Knowledge of O365 architecture.
• Knowledge of email security.
• Knowledge of Azure.
• Responsible leadership ability in management or supervisory positions.
• Azure and Office 365 experience is needed.

Nice To Haves

• Advanced level IT Certification such as CISSP, CPTE, CCIE Security, SCYBER, CISM, CASP, CCSK, CCDP, CCNP Security, CEH, CISA, GSLC, GCED, AZ-500.

Responsibilities

• Provide guidance and expertise in the field of risk management regarding the protection and security of digital assets in the cloud and on premise.
• Maintain and improve Information Security Architectures in line with the CIA triad.
• Maintain and improve information security policies and procedures; develops security guidelines and safe practices for computing and networking systems and maintain the documentation.
• Manage, maintain, and monitor security technologies such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
• Manage real-time threat detection technologies to identify and quarantine threats, Monitor Endpoint Security; alerts and takes corrective action.
• Minimize security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan.
• Monitor internal control systems to ensure appropriate access levels are maintained, protect against unauthorized system access, modification and destruction.
• Review security-related reports, logs and occurrences; escalate issues and initiate security response procedures.
• Create and review vulnerability reports, track compliance with vulnerability management policies and procedures in accordance to established ISO 27001:2013 guidelines.
• Research and evaluate emerging technologies in support of security technology enhancements, propose technical solutions to management, to address security weaknesses and coordinate with relevant stakeholders to implement.
• Reviews, updates, and enforces data security practices within the organization; tests for exposures to ensure adherence to guidelines and procedures and works with platform experts to implement remedial measures as appropriate.
• Tests security controls and manages the associated remediation of any deficiencies as needed.
• Assess security information, triaging and responding to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
• Perform Project Management tasks for security initiatives /projects.
• Manage incident-handling processes, which include implementation of containment, protection, and remediation activities.
• Coordinates the handling and resolution of security incidents, to include system intrusions and abuse, and acts as a primary point of contact.
• Develop responses to internal & external audits, penetration tests and vulnerability assessments.
• Support Information Security training and awareness by providing ideas and content, assist HR with employee security awareness education and training.
• Manage multiple priorities and deadlines concurrently.
• Act as a team leader and role model.