Security Engineer

Date: 12 Sept 2024

Location:

Sri lanka, AE

Company: Information Systems Associates - Sri Lanka (ISSL)

Job Purpose

Engineers solutions in alignment with the Information security roadmap and maintains processes for the delivery of highly complex secure systems, cyber solutions & systems, technical

projects, and regulatory & risk requirements. Facilitates process engineering, risk remediation, and mitigation of operational risk in a high-velocity culture by collaborating to introduce technology, requirements, deliverables, gaps, and systems design.

Key Result Responsibilities

• Serves as the subject matter expert for supported security technologies and during escalations; provides direction to infrastructure, operations, data, and application developments groups throughout the transitioning phase, implementation in production, and beyond.
• Plans and directs the implementation and testing of security systems concept and architecture, and prepares security standards, policies, and procedures.
• Implements security solution for ISA products like (DDOS,WAF…) and for Network (IPS & IDS…); ensures security levels for all new appliances; recommends improvements where applicable.
• Evaluates ISA/Clients standards, security controls, and industry best practices to determine network information security requirements and specifications and achieve successful solution delivery.
• Maps all existing processes required for network and applications with focus on security architecture.
• Ensures all applications within ISA are in line with agreed measures, compliant with PCIDSS standards and with audit and legal requirements.
• Applies security DevOps best practices and methodologies integrated with DevOps processes by specifying intrusion detection methodologies and equipment; prepares preventive and reactive measures; creates, transmitting, and maintaining keys.
• Conducts system security and vulnerability analyses and risk assessments, analyzes cyber technologies, metrics models and performance indicators, to recommend the appropriate architecture/platform.
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducts incident response analyses; maintains knowledge of engineering next-gen designs, security trends, threats, and attack techniques.
• Regularly undertakes penetration testing across the network and application to assess performance capabilities (reliability, maintainability, and availability) versus security and risk, provides feedback to Governance team.
• Builds and maintains effective relationships with security partners and vendors, management, peers, project managers, and internal customers.
• Defines system security reports that provide insight into potential threat issues and threat analysis.
• Updates job knowledge by tracking and understanding emerging security practices and standards. Conducts necessary trainings for ISA/clients when required.
• Performs any other additional duties as directed by the line manager
  
  

Key Result Responsibilities-Continued

Qualifications (Academic, training, languages)

Work Experience

4 to 7 years in enterprise level IT environment, 24x7 critical operations in any service industry working as Security

Engineer or similar role.

Proven experience in the design of the practice network security architectures for large networks.

In-depth knowledge of two or more security technology platforms and tools (VMS, Brand abuse protection systems, DarkWeb monitoring, Elastic, MS defender…)

Operations and management of technology platforms – both internally and externally hosted.

Hands on technical leadership, technical solutions design, and architecture.

Proven skills in analyzing data, identifying pitfalls and recommending cost-effective solutions.

Capable of conducting cost-benefit analysis for IT investments.

Cost-oriented, possesses effective problem solving and decision-making skills.

Detail oriented, works well under pressure.

Ability to interact with a broad cross-section of personnel to explain and enforce security measures

Employs technical expertise, and interpersonal relations to achieve company’s objectives.