We are seeking a highly skilled and experienced Senior Information Security Engineer to join our team. The ideal candidate will be responsible for designing, implementing, and maintaining security measures to protect our organization's computer systems, networks, and SaaS products. This role requires a hands-on approach to identifying vulnerabilities, implementing solutions, and staying abreast of the latest security trends and technologies. The Senior Information Security Engineer will collaborate closely with cross-functional teams to ensure the confidentiality, integrity, and availability of our systems and data.
Responsibilities:
Security Tooling: Deploy, maintain, integrate, and perform initial configuration of security tools.
Vulnerability Management: Coordinate and conduct regular security assessments, penetration testing, and vulnerability scans to identify and address security weaknesses proactively.
Incident Response: Lead incident response efforts to promptly detect, analyze, and mitigate security incidents and breaches. Develop and maintain incident response plans and procedures.
Security Operations: Monitor security logs and alerts, investigate suspicious activities, and respond to security events in real-time. Implement and maintain security tools and technologies to enhance our security posture.
Identity and Access Management: Manage user access controls, authentication mechanisms, and identity management systems to ensure appropriate levels of access and privilege.
Security Awareness: Promote security awareness and best practices among employees through training sessions, communication campaigns, and ongoing education initiatives.
Research and Development: Stay updated on emerging threats, vulnerabilities, and security technologies. Evaluate new security products and technologies to enhance our security infrastructure.
Documentation: Create and maintain detailed documentation of security policies, procedures, configurations, and incident response plans.
Collaboration: Work closely with cross-functional teams, including IT, engineering, and compliance, to integrate security into all aspects of our systems and operations.
Qualifications:
At least 5 years of experience in information security, with a focus on hands-on security engineering and operations.
In-depth knowledge of networking protocols, operating systems, and cloud technologies.
Strong understanding of security principles, practices, and frameworks (e.g., PCI, NIST, ISO 27001).
Experience with security tools such as SIEM, IDS/IPS, endpoint protection, and penetration testing tools.
Relevant certifications such as CISSP, CISM, or CEH are highly desirable.
Excellent analytical and problem-solving skills, with the ability to identify and mitigate security risks effectively.
Strong communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
