Senior Cyber Security Engineer

We seek a highly skilled, experienced, and self-motivated Senior Cyber Security Engineer. You will play a critical role in fortifying the security posture of Atlan by implementing cutting-edge security best practices like Policy as Code and Shift Left Security and ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO 27001.
What you will do?
  • Be the subject matter expert for Information Security matters. Implement and manage security best practices that bolster the security posture of the organization. 
  • Identify security gaps, explore and identify open source or 3rd party solutions that address those gaps, and prove the ROI for each solution with a strong business use case.
  • Partner with GRC engineers in driving cyber security initiatives covering Cloud Security, Application Security, Endpoint Security, Data Security, Email Security, etc., in line with frameworks like SOC 2, ISO 27001, GDPR, NIST, and other data privacy and cybersecurity frameworks.
  • Partner with GRC engineers in risk assessments and developing relevant policies, procedures, and guidelines for security compliance and support in security audits for various standards and client questionnaires.
  • Vulnerability Management:
      • Develop internal capabilities to identify vulnerabilities, misconfigurations, and violations of best practices using Vulnerability Assessments, Penetration Testing, Threat Modelling, Security Reviews/Audits, etc.
      • Develop and maintain vulnerability management processes and procedures to streamline the identification, reporting, and resolution of security vulnerabilities.
      • Manage VAPT partner(s) and collaborate with cross-functional teams to ensure that vulnerabilities are remediated within the defined SLA.
      • Create dashboards/reports to communicate the performance of various security initiatives to the entire org, such as External VAPT, Secret Scanning, SCA, SAST, DAST, and Internal VAPT.
      • Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management.
  • SOC:
      • Use data/logs collected from a variety of tools (e.g., audit logs, access control logs, EDR, identity provider, MDM, SaaS platforms, AWS, GCP, Azure, WAF, application logs, etc.) to analyze, identify, and mitigate potential threats/anomalies.
      • Build response workflows and actions that auto-resolve false positives, enabling engineers to focus on relevant threats.
      • Develop and automate security workflows, playbooks, and tools to improve the efficiency and effectiveness of security operations.
  • Policy as Code:
      • Drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
  • Shift Left Security:
      • Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
      • Partner with Cloud Infra and IT team in implementing shift left security practices, such as:
          • Embedding security practices in SDLC & Cloud infrastructure.
          • Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
  • Security Incident Management:
      • Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats.
      • Carry out digital forensics as part of security incident investigation.
      • Ensure that engineering teams understand the impact of an incident and derive corrective and preventive actions for themselves.
  • Security Training:
      • Drive the security mindset across the organization in partnership with the GRC team.
      • Create awareness/training content that forces engineering teams to embed a security shift left approach.
What makes you a match
  • 5+ years of relevant industry experience in a security engineering or cloud infrastructure security team.
  • Strong coding proficiency in Python, Go, Shell, etc.
  • Strong technical knowledge of security principles and technologies such as firewalls, IDS/IPS, DLP, Encryption, SIEM, UEBA, EDR, SOAR, Threat Intelligence, Web Proxy/Content Filtering, Active Directory, and PKI.
  • Experience with industry standards and frameworks such as CVE, CVSS, NIST, SANS 25 and OWASP.
  • Experience deploying solutions for monitoring of security best practices in cloud resources, CI/CD pipelines and Kubernetes platforms.
  • Familiarity with infrastructure as code tools (Terraform, CloudFormation, etc.).
  • Familiarity with more than one cloud vendor (AWS, GCP, Azure).
  • Ability to work alongside a remote team, using a data-driven mindset to propose and own engineering decisions.
  • Bachelor’s degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CEH, Security+).
  • Proven experience working in a Security Operations Center (SOC) environment with a focus on vulnerability management.
  • Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks in a fast-paced environment.
  • Strong attention to detail and a commitment to delivering high-quality results.
  • Ability to work both independently and collaboratively as part of a team.