Job Description

Job Overview:
The Security Engineer will play a critical role in ensuring the security, compliance, and resilience of applications and infrastructure across the organisation. This role is responsible for integrating security controls from the early stages of the Software Development Lifecycle (SDLC), overseeing security tool onboarding, and ensuring adherence to cybersecurity policies.

Key responsibilities include identifying and mitigating security risks, implementing DevSecOps best practices, securing cloud environments, and enhancing automation within CI/CD pipelines. Additionally, the Security Engineer monitors vulnerabilities, drives risk management initiatives, and supports governance processes to align with Cybersecurity paved road services.

Key Responsibilities:
- Ensure compliance with critical security requirements, including CMDB updates, access control, threat modelling, WAF implementation, secrets management, and penetration testing, to secure cybersecurity approval before go-live.
- Lead security tool onboarding, infrastructure management, application log monitoring, and data security to uphold organisational security standards.
- Collaborate with application product teams from the early stages of the SDLC to define and implement security controls, conducting comprehensive architecture reviews.
- Assist development teams in integrating security tools and agents to achieve full coverage, including SCA, SAST, DAST, container scanning, IaC, and infrastructure security.
- Strengthen the security of containers, Kubernetes, and microservices.
- Serve as technical support and IAM administrator, overseeing user roles, permissions, and service accounts for data lake projects on GCP.
- Identify and assess security risks, document them in risk registers, and work with the Governance, Risk, and Compliance (GRC) team to drive risk mitigation or acceptance.
- Deliver comprehensive security and compliance solutions through DevSecOps, covering risk assessment, mitigation strategies, vulnerability management, and patch management.
- Strong understanding of automation, scripting, and DevOps pipeline integration.
- Integrate security tools into CI/CD pipelines to enable automated vulnerability detection and resolution.
- Enforce quality gates in blocking mode for critical and high vulnerabilities to ensure secure deployments.
- Implement the Secure Software Development Lifecycle (S-SDLC) for applications hosted across AWS and Azure in multiple regions.
- Monitor and analyse vulnerability scan reports, conducting false-positive assessments to enhance risk management accuracy.
- Provide administrative and product support to internal and external users for security-related concerns.
- Maintain and enhance the security posture of both legacy and business-as-usual (BAU) applications to ensure continuous compliance.
- Lead cross-functional teams to foster secure and compliant product lifecycles while optimising security processes.
- Develop and maintain JIRA dashboards to monitor security requirements and track project progress.
- Generate weekly security dashboards and scorecards, offering leadership clear insights into application security status.
- Self-motivated and proactive, with the ability to take initiative, work independently, and engage with stakeholders across multiple time zones as needed.

Qualifications:
Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Experience:
- 4 years of experience in cybersecurity, DevSecOps or related fields.
- 2 years of experience leading projects or similar tasks within a security-focused role.
- Proven track record of aligning security strategies with business objectives.
Certifications: Relevant certifications such as CISSP, CISM, CRISC, CISA or equivalent are highly desirable but not required.

Skills:
- Technical Expertise: Strong understanding of cybersecurity frameworks, CI/CD pipelines, technologies, and best practices.
- Business Acumen: Ability to understand and align with the business's strategic objectives and challenges.
- Communication: Excellent verbal and written communication skills, with the ability to translate technical concepts into business language.
- Problem-Solving: Strong analytical and problem-solving skills, with a proactive approach to identifying and mitigating risks.
- Relationship Management: Ability to build strong relationships with stakeholders and various teams, fostering trust and collaboration.

Preferred Qualifications:
- Experience in coding, automation, cloud security, and DevOps practices is highly desirable.
- Knowledge of regulatory requirements relevant to the industry, such as GDPR, HIPAA, PCI-DSS, etc.
- Familiarity with various NIST frameworks, including NIST, NIST 800-30 and NIST RMF.
- Experience working in a matrixed organisation with multiple lines of business.

Key Attributes:
- Proactive and Self-Driven: Takes initiative, works independently, and engages stakeholders without requiring supervision.
- Technical Expertise: Strong knowledge of security tools, cloud security, DevSecOps, and automation.
- Risk and Compliance Focused: Ensures alignment with cybersecurity policies, governance frameworks, and regulatory requirements.
- Effective Stakeholder Management: Collaborates with cross-functional teams and communicates security risks clearly.
- Adaptable and Solution-Oriented: Quickly addresses security challenges and supports multiple time zones as needed.