- Johannesburg
- Salary: Market Related
- Job Type: Permanent
- Sectors: IT
- Reference: 2264368
Vacancy Details
Employer: RRS International
We are seeking a Senior Cybersecurity Engineer | Information Technology (IT) Security Engineer to join our information security team. In this role, you will help protect the organization’s networks, systems, and data by implementing security best practices and responding to cyber threats. You will work on a broad range of security domains – from network and cloud security to incident response and compliance – ensuring our enterprise remains resilient against evolving cyber risks. The ideal candidate has a strong technical background in cybersecurity, excellent problem-solving skills, and the ability to collaborate across teams to uphold a robust security posture.
Key Responsibilities:
- Network Security: Implement and maintain network security measures (firewalls, VPNs, intrusion detection/prevention systems, network segmentation, etc.) to safeguard the organization’s IT infrastructure. Monitor network traffic for suspicious activity and remediate vulnerabilities in network architecture.
- Vulnerability Management: Conduct regular vulnerability assessments and penetration testing on systems and applications. Prioritize, track, and remediate identified vulnerabilities by working with IT and development teams to implement patches or configuration changes.
- Security Incident Response: Monitor security alerts and threat intelligence feeds to promptly identify potential incidents. Lead or contribute to incident response efforts by investigating security breaches, containing and mitigating threats, performing root-cause analysis, and implementing follow-up measures to prevent recurrence.
- Security Compliance: Ensure the organization’s security policies and controls comply with internal standards and external regulations. Support audits and assessments related to frameworks such as ISO 27001, GDPR, or other relevant standards. Develop and maintain documentation for security procedures, incident reports, and compliance evidence.
- Risk Assessment: Continuously evaluate security risks across networks, systems, and processes. Perform risk assessments for new projects, technologies, or vendors, and recommend appropriate security controls and risk treatment plans. Present risk findings and mitigation strategies to stakeholders in a clear, professional manner.
- Cloud Security: Develop and enforce cloud security best practices for applications and infrastructure in public/private cloud environments (e.g., AWS, Azure, GCP). Work with cloud architects to ensure secure configuration of cloud services, implement cloud-native security tools, and manage identity and access management, data protection, and monitoring in the cloud.
- Collaboration & Training: Collaborate with cross-functional teams (IT operations, software development, DevOps/DevSecOps, etc.) to integrate security into system designs, software development life cycle (SDLC), and deployment processes. Provide guidance and mentorship on security best practices to team members and assist in security awareness training efforts across the organization.
- Continuous Improvement: Stay up-to-date with the latest cybersecurity threats, trends, and technologies. Proactively research and recommend new security techniques, tools, or controls. Continuously improve incident response plans, security monitoring capabilities, and overall security architecture to adapt to the evolving threat landscape.
Qualifications & Skills (Required)
- Cybersecurity Knowledge: Solid understanding of cybersecurity principles, frameworks, and best practices. Familiarity with standards and frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and CIS Critical Security Controls.
- Network Security & Infrastructure: Proficiency in network security and networking concepts (TCP/IP, routing, switching). Hands-on experience with managing and securing network devices and technologies, including firewalls, IDS/IPS, VPNs, and wireless security.
- Cloud Security: Demonstrated experience with cloud security in environments such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). Ability to assess cloud architectures for security issues and implement cloud-native security controls and monitoring.
- Penetration Testing & Vulnerability Assessment: Strong skills in performing vulnerability scans, penetration testing, and security audits. Ability to interpret scan results, exploit findings for proof-of-concept, and guide teams in remediating vulnerabilities.
- Threat Intelligence & Risk Assessment: Strong understanding of threat intelligence and common attack vectors. Experience analyzing threat data and applying risk assessment methodologies to prioritize and address potential threats.
- Security Tools: Hands-on experience with a range of security tools and technologies. This includes managing SIEM platforms (Security Information and Event Management) to analyze security events, configuring and tuning IDS/IPS and firewalls, using endpoint protection/EDR solutions, and possibly security orchestration and automation tools.
- Incident Response & Monitoring: Familiarity with incident response processes and playbooks. Ability to triage security events, perform forensic analysis on logs or endpoints, and coordinate response efforts. Experience with monitoring tools and analyzing system/application logs for security anomalies is important.
- Analytical & Problem-Solving Skills: Excellent analytical skills with keen attention to detail. Capable of thinking like an attacker to anticipate malicious behavior and identify weaknesses. Strong problem-solving abilities to quickly resolve complex security issues under pressure.
- Communication & Collaboration: Effective written and verbal communication skills. Able to clearly document security findings and convey technical information to both technical and non-technical stakeholders. Strong collaboration skills to work as part of a team and to influence others in implementing secure practices across the organization.
Education & Experience (Required)
- Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Equivalent combination of education and experience may be considered for exceptional candidates.
- Experience: Over 5 years of hands-on experience in cybersecurity roles (e.g., Security Engineer, Security Analyst, or similar). Proven track record in implementing security measures and managing security operations in a mid-sized to large enterprise environment. Experience should include exposure to network and system security, incident response, and working with security frameworks or compliance requirements.
Certifications (Required)
Candidates must hold at least one of the following professional security certifications:
- CISSP – Certified Information Systems Security Professional
- CCSP – Certified Cloud Security Professional
- OSCP – Offensive Security Certified Professional
- CEH – Certified Ethical Hacker
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- ISO 27001 Certification (Information Security Management Systems)
Having one or more of the above certifications will demonstrate the candidate’s commitment to industry best practices and a solid foundation in cybersecurity knowledge. Certification must be current and in good standing.
Preferred Qualifications (Nice to Have)
- Security Automation & DevSecOps: Knowledge of automation and scripting to enhance security monitoring or incident response (e.g., using Python, PowerShell, or automation tools). Experience with DevSecOps practices, integrating security into CI/CD pipelines, and working with tools like Docker, Kubernetes, or infrastructure-as-code from a security perspective.
- Regulatory Compliance: Experience with industry and regulatory compliance standards is a strong plus. Familiarity with regulations/standards such as GDPR (data protection), NIST guidelines, SOC 2 trust principles, or other compliance frameworks. Ability to help align security policies and controls to meet compliance requirements and to participate in compliance audits or assessments.
- Additional Certifications: Additional relevant certifications or training (e.g., GIAC certifications like GSEC, GCIH, cloud provider-specific security certifications, ISO 27001 Lead Auditor/Implementer) are advantageous.
- Advanced Education: A Master’s degree in Information Security or a related field can be a plus, as is a demonstrated commitment to continuous professional development through conferences, workshops, or contributions to the cybersecurity community.