Security Engineer

IT Security Officer with at least 3 years of experience in developing, implementing, and maintaining comprehensive information security programmes for enterprise environments. The candidate should possess in-depth knowledge and hands-on experience in the following core areas: (Must Have) • Information Security Governance (Core): (A) • Knowledge of information security policies, standards, and procedures • Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR, HIPAA) • Conducting regular risk assessments and managing the organisation's risk register • Threat Detection and Response (Core): (D) • Managing Security Information and Event Management (SIEM) systems • Experience with Endpoint Detection and Response (EDR) solutions • Developing and maintaining incident response plans and procedures • Vulnerability Management (Core) (E) • Conducting regular vulnerability assessments and penetration testing • Managing the patch management process across the organization • Experience with vulnerability scanning tools and remediation strategies • Compliance and Auditing (Core): (H) • Ensuring compliance with relevant industry standards and regulations • Conducting internal security audits and supporting external audits • Preparing and maintaining security-related documentation for compliance purposes (Good to Have) • Security Architecture: (B) • Knowledge of zero-trust security models and microsegmentation • Knowledge of secure cloud architectures and cloud security best practices • Security Architecture: (C) • Managing IAM solutions • Experience with multi-factor authentication (MFA) and single sign-on (SSO) technologies • Proficient in privileged access management (PAM) strategies • Data Protection (Core): (F) • Knowledge of data loss prevention (DLP) strategies • Experience with encryption technologies for data at rest and in transit • Knowledge of data classification and handling procedures • Security Awareness and Training: (G) • Developing and delivering security awareness training programmes • Creating and maintaining security documentation and guidelines for end-users • Promoting a culture of security within the organization • Third-Party Risk Management (I): • Assessing and managing security risks associated with vendors and third-party service provider • Developing and enforcing security requirements for third-party contracts • Cloud Security (Core): (J) • Understanding of cloud security principles and best practices • Experience securing multi-cloud and hybrid cloud environments • Knowledge of cloud access security brokers (CASB) and cloud security posture management (CSPM)- Application Security (Core): (K) • Familiarity with secure software development lifecycle (SDLC) practices • Experience with application security testing tools and methodologiesKnowledge of web application firewalls (WAF) and runtime application self-protection (RASP) • Operational Technology (OT) Security: (L) • Understanding of OT security principles and challengesExperience securing industrial control systems (ICS) and SCADA environments • Emerging Technologies: (M) • Keeping abreast of emerging security technologies and threats • Evaluating and recommending new security solutions as needed