Information Technology Security Engineer

0 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Role description

This job is centered around the following practical tasks:

Security solutions management

  • Administer and maintain DLP systems, with a focus on Code42 and Google Workspace DLP.
  • Define, implement, and fine-tune DLP policies and rules to detect and prevent unauthorized data transfers, data exfiltration, and data leakage.
  • Analyse DLP logs and alerts to triage, investigate, and respond to potential security incidents, including identifying false positives and tuning rules for accuracy.
  • Create and maintain custom reports and dashboards to communicate DLP program effectiveness, metrics, and compliance posture
  • Centrally administer and maintain endpoint security safeguards (Symantec Endpoint Protection) including antimalware, EDR/XDR, local firewall and web traffic filtering proxy
  • Check endpoints for common security misconfigurations and compliance with industry security baselines (e.g. CIS)
  • Participate in approval of whitelisted applications and services
  • Answer users' requests regarding service and application approvals, possible DLP exceptions, and other endpoint security controls
  • React to endpoint-related alerts and security incidents such as lost/stolen devices or ransomware infections

Baseline Threat Intelligence & Incident Response

  • Attack surface monitoring and potential risk spotting and checks
  • Monitor data breaches, leaks and threat indicators related to our users, customers, and registered suppliers via threat intelligence tools in place
  • Contact the affected parties and assist them with issue resolution
  • Produce relevant metrics and reports on threats and their resolution
  • Collaborate with IT and external SOC provider on incident-related matters
  • Produce relevant incident metrics and high-level reports


Security and IT teams collaboration


  • Processing security tickets in Jira, user/stakeholder communications
  • Collaborating with IT and external SOC provider on relevant alerts processing including in the SIEM
  • Contributing to security awareness user training
  • Participating in internal security audits, producing metrics and statistics for high-level reports

General requirements

  • Hybrid work environment
  • Where necessary, readiness to respond outside business hours, taking into account Grid Dynamics geography
  • Being able to take initiative in solving security problems
  • Self-discipline and consistency in taking care of routine tasks
  • Being collaborative with other security team members, as well as IT and various development/engineering teams, or any users of the affected systems


Technical skills


Essential skills


  • Knowledge and understanding of general information security concepts
  • Experience administering and supporting DLP solutions, including deployment, policy configuration, incident response, and system integration.
  • Understanding of data classification and handling requirements, and how these intersect with DLP policies and business requirements.
  • Centralised antimalware, EDR/XDR, local firewalling and web content filtering in enterprise environments with mixed-OS endpoints
  • Hands-on experience with threat intelligence, OSINT discovery, supply chain, and attack surface monitoring and alerting tools
  • Network/system reconnaissance and vulnerability scanning
  • macOS/Windows/Linux, TCP/IP foundations, AWS/GCP foundations, shell scripting

Non-essential, nice-to-have skills/experience

  • Interest in adapting AI/ML solutions to automate tasks
  • Experience with Code42 and Google Workspace DLP/Google Security Centre
  • Experience with Symantec Endpoint Protection (full suite)
  • Experience with SOCRadar, DarkInvader, ASM, various OSINT tools
  • Shell scripting for automating tasks (PowerShell, bash, ksh)
  • Experience with SIEMs, in particular Elastic as SIEM
  • Experience in incident response including computer forensics
  • Understanding data protection principles and regulatory compliance (e.g., CCPA, GDPR).

Grid Dynamics

Information Technology and Services

Los Altos
