Security Engineer

Job Description

Job Summary: We are looking for an experienced Security Engineer to lead and manage the end-to-end security posture of our hybrid infrastructure, which includes AWS cloud , on-premise servers (Windows & Ubuntu) , Cloudflare edge services , ELK and SQL databases , and Sophos hardware firewall . The ideal candidate will proactively build, monitor, and optimize security frameworks across infrastructure, applications, and data layers. Key Responsibilities: Design and enforce security controls across cloud (AWS) and on-premise environments. Configure and manage Sophos hardware firewalls for network protection and segmentation. Secure and monitor web traffic, APIs, and DNS via Cloudflare WAF, rate limiting, and bot management . Implement and maintain IAM policies , S3 encryption , VPC configurations , and MFA in AWS. Harden servers running Windows and Ubuntu , applying regular patches and security baselines. Conduct security reviews for ELK and SQL databases , focusing on access control, backups, and encryption. Develop and automate audit logging, intrusion detection , and real-time alerting across systems. Integrate security into CI/CD pipelines using GitHub Actions, Terraform, etc. Work closely with DevOps and engineering teams to conduct threat modeling and risk assessments. Respond to security incidents , perform root cause analysis, and lead remediation efforts . Ensure compliance with ISO 27001 , GDPR , and internal data protection policies. Required Skills & Tools: Strong hands-on experience with AWS Security best practices (IAM, KMS, CloudTrail, GuardDuty). Knowledge of Cloudflare features like WAF, DNSSEC, SSL, Zero Trust, and traffic routing. Proficiency in managing Windows Server and Linux (Ubuntu) security configurations. Practical knowledge of Sophos firewall policies, VPNs, and IPS. Experience with ELK Stack security (user authentication, RBAC, log masking) and SQL database hardening . Familiarity with log aggregation, SIEM tools , and endpoint security solutions . Ability to automate tasks with Python, Bash , or PowerShell. Good understanding of network protocols, port scanning , and packet inspection . Experience in penetration and brute force testing , with ability to guide teams. Preferred Qualifications: Certifications: AWS Security Specialty, CEH, CISSP, CISM, OSCP . Experience working with hybrid environments (cloud + on-premise). Exposure to compliance standards like SOC 2, GDPR, ISO 27001. Familiarity with DevSecOps pipelines , vulnerability scanning, and configuration drift detection .