The Information Security Engineer is responsible for designing and maintaining enterprise IT security solutions to address the organization's security requirements.
You will be responsible for building, running and improving the security tools in the organization's security platform. You play a key role in protecting the organization.
Applicants with team leading experience can manage a small team of operations focused security Engineers.
Direct report to the Information Security Architecture and Engineering Lead, this role will work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.
Engineer, implement and monitor security measures for the protection of computer systems, networks and information
Identify and define system security requirements
Design computer security architecture and develop detailed cyber security designs
Prepare and document standard operating procedures and protocols
Configure and troubleshoot security systems and infrastructure devices
Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
Work with product vendors and suppliers to maintain and enhance existing security tooling and products
Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
Ensure that the company knows as much as possible, as quickly as possible about security incidents
Proven work experience as a System Security Engineer or Information Security Engineer
Experience in building, maintaining and operating security systems and platforms
Hands on experience in a number of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data loss prevention systems, web proxies, etc
Experience with network security and networking technologies and with system, security, and network monitoring tools
Thorough understanding of the latest security principles, techniques, and protocols (such as zero trust, etc)
Problem solving skills and ability to work under pressure
Must have strong information security technology knowledge / concepts and can effectively communicate with senior management and a broad range of technical / non-technical audiences.
Strong written communication skills and verbal presentations to senior management.
Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
Good presentation, project planning and documentation skills
Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network / web related protocols
Familiarity with application, database and operating system security
Familiarity with cloud security technologies (AWS or Azure is preferred)
Familiarity with risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP, NIST Cybersecurity Framework
Familiarity in scripting or automation is an added advantage
Familiarity with Identity and Lifecycle management is an advantage
Previous experience in regulated environments is an added advantage