Information Security Engineer

Overview:

Our client is seeking an experienced Information Security Engineer to lead and strengthen their security operations. This role will focus on monitoring, detecting, and responding to cyber threats, managing security technologies, driving vulnerability management initiatives, and ensuring compliance with industry regulations. The position will work closely with IT, engineering, and risk management teams to maintain a secure and resilient environment.

Key Responsibilities:

1. Security Operations & Incident Response

• Lead and enhance the operations of the Security Operations Center (SOC), ensuring timely monitoring, detection, and incident response.
• Manage and optimize the use of SIEM, EDR, IDS/IPS, and other security technologies.
• Oversee the full incident response lifecycle, including investigation, containment, eradication, and recovery.
• Conduct post-incident reviews and implement continuous improvements.

2. Vulnerability & Threat Management

• Coordinate vulnerability scanning, penetration testing, and remediation activities.
• Stay informed of emerging threats and ensure proactive security measures are implemented.
• Partner with IT and engineering teams to address vulnerabilities and harden systems.

3. Security Compliance & Risk Management

• Ensure compliance with relevant regulatory frameworks (e.g., PCI DSS, MAS TRM, GDPR).
• Support internal and external audits, risk assessments, and regulatory reviews.
• Maintain and continuously update security policies, standards, and procedures

4. Security Awareness & Collaboration

• Lead security awareness and training initiatives across the organization.
• Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines.
• Engage with external vendors, partners, and law enforcement on security-related matters.

Key Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Minimum 5 years of experience in information security
• Hands-on experience with security technologies such as SIEM (Splunk, Azure Sentinel), EDR, IDS/IPS, firewalls, and cloud security platforms (AWS, Azure, GCP).
• Strong understanding of threat intelligence, malware analysis, and forensic investigation tools.
• Knowledge of regulatory compliance frameworks, particularly within the financial services sector (PCI DSS, MAS TRM, GDPR).