Information Security Engineer

The Information Security Engineer is responsible for designing, implementing, and maintaining the organization's security infrastructure to protect its information assets from cyber threats. This role involves conducting security assessments, responding to security incidents, and ensuring compliance with security policies and regulations. The ideal candidate will have strong technical expertise in cybersecurity, experience with security tools and technologies, and the ability to develop and enforce security best practices.

Key Responsibilities:

• Security Infrastructure Management:
  • Design, implement, and manage security solutions, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection.
  • Monitor and maintain the organization's security infrastructure to ensure optimal performance and protection against threats.
  • Regularly update security systems to protect against new vulnerabilities and threats.
• Security Assessments and Audits:
  • Conduct regular security assessments, including vulnerability scans and penetration testing, to identify potential risks.
  • Work with internal and external auditors to ensure compliance with security standards and regulations.
  • Prepare and present security assessment reports to management, providing recommendations for improvement.
• Develop and maintain the organization's incident response plan, including procedures for detecting, responding to, and recovering from security incidents.
• Act as the primary point of contact during security incidents, leading the investigation and resolution efforts.
• Analyze and document security incidents, including root cause analysis and lessons learned, to prevent future occurrences.
• Security Policy and Compliance:
  • Develop, implement, and enforce security policies, standards, and best practices across the organization.
  • Ensure compliance with industry standards and regulatory requirements, such as GDPR, HIPAA, and PCI-DSS.
  • Conduct regular security training and awareness programs for employees to promote a security-conscious culture.
• Threat Intelligence and Monitoring:
  • Continuously monitor security alerts and intelligence feeds to stay informed of emerging threats and vulnerabilities.
  • Analyze threat intelligence to assess potential risks to the organization and take proactive measures to mitigate them.
  • Utilize security information and event management (SIEM) systems to detect and respond to security incidents in real-time.
• Security Architecture and Design:
  • Collaborate with IT and development teams to integrate security into the design of new systems, applications, and networks.
  • Review and evaluate new technologies and solutions to enhance the organization's security posture.
  • Ensure that security architecture aligns with the organization's overall IT strategy and business objectives.
• Collaboration and Communication:
  • Work closely with other IT teams to ensure that security measures are effectively implemented and maintained.
  • Provide security guidance and expertise to support the development and deployment of new IT projects.
  • Communicate complex security concepts and risks to non-technical stakeholders in a clear and understandable manner.
• Stay updated on the latest cybersecurity trends, threats, and technologies to continuously improve the organization's security posture.
• Identify and recommend opportunities to enhance security processes, tools, and techniques.
• Participate in industry forums and professional development activities to stay current in the field of information security.

• Strong background in computer science, network engineering
• Time Management
• Communication
• Hands-on experience with security systems like firewalls, intrusion detection systems, anti-virus software, and authentication systems
• Knowledge about secure coding practices.