Senior Security Engineer

We are seeking an experienced Senior Security Engineer to lead the design, implementation, and management of enterprise security solutions. This role is responsible for protecting organisational systems, networks, and data through proactive risk assessment, threat mitigation, and security architecture best practices.

The Senior Security Engineer will play a key role in driving security initiatives, staying ahead of emerging threats, and providing expert guidance across the business. Working closely with cross-functional teams, this position helps ensure a secure, resilient, and compliant IT environment that supports business objectives.

Key Responsibilities

1. Security Infrastructure Design and Implementation

• Lead the design, implementation, and ongoing management of enterprise security infrastructure.
• Develop, enforce, and maintain security policies, procedures, and standards.
• Perform regular risk assessments to identify and remediate security gaps.
• Collaborate with IT teams to integrate security controls into existing systems and architectures.
• Stay current with emerging threats and technologies to proactively enhance security capabilities.

2. Incident Response, Management, and Analysis

• Define and maintain incident response procedures and lead investigations into security incidents.
• Analyse incidents, produce detailed reports, and drive corrective and preventive actions.
• Conduct post-incident reviews to improve response processes and controls.
• Act as a senior escalation point and coordinate with legal, compliance, or external authorities when required.
• Provide guidance and training to teams on incident response best practices.

3. Vulnerability Assessment and Management

• Conduct regular vulnerability assessments and manage vulnerability programs.
• Remediate security vulnerabilities to enhance the organization's security posture.
• Develop and implement automated tools for continuous vulnerability scanning.
• Collaborate with system administrators to implement patches and updates promptly.
• Provide detailed vulnerability reports and recommendations to stakeholders.

4. Security Compliance, Auditing, and Policy Development

• Ensure compliance with industry standards, regulations, and best practices.
• Conduct security audits, develop security policies, and enforce their implementation.
• Regularly review and update security policies based on evolving threats and regulations.
• Facilitate external audits and assessments to validate compliance.
• Monitor and report on compliance metrics to senior management.

5. Security Awareness, Training, and Communication

• Develop and deliver security awareness programs for employees.
• Provide training on security best practices and policies.
• Communicate security risks, issues, and recommendations to stakeholders.
• Create and distribute security-related educational materials for ongoing awareness.
• Establish a communication plan for immediate response during security incidents.

6. Security Architecture Review and Technology Evaluation

• Review and assess security architecture, making recommendations for improvement.
• Evaluate emerging security technologies and lead their integration.
• Regularly review and update security architecture documentation.
• Conduct in-depth analysis of potential security solutions to inform decision-making.
• Collaborate with vendors to evaluate the security features of third-party products.

7. Continuous Learning, Professional Development, and Threat Intelligence Monitoring

• Stay current with industry trends, emerging threats, and security technologies.
• Pursue relevant certifications and training for continuous professional development.
• Monitor and analyse threat intelligence sources to stay informed about emerging threats.
• Collaborate with threat intelligence sharing groups and organizations.
• Contribute to industry forums and publications to share insights and gain knowledge.

8. Identity and Access Management

• Implement and manage identity and access management controls.
• Ensure proper access controls and permissions to protect sensitive information.
• Regularly review and update access control policies based on organizational changes.
• Conduct access reviews to validate the appropriateness of user permissions.
• Implement multi-factor authentication and other advanced access controls.

9. Endpoint Security and Network Design

• Implement and manage endpoint security solutions.
• Design and implement secure network architectures, including firewalls and VPNs.
• Conduct security assessments of network infrastructure.
• Implement and manage encryption protocols for data in transit.
• Collaborate with network engineers to design and implement secure network segments.

Qualifications & Experience

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master's degree is a plus.
• Minimum of 7 years of hands-on experience in cybersecurity, with at least 3 years in a senior or lead role.
• Proven experience in designing and implementing complex security solutions.
• Industry-recognized certifications such as CISSP, CISM, or equivalent.
• Additional certifications in specific technologies or areas of expertise are desirable.
• In-depth knowledge of security infrastructure design and implementation.
• Expertise in incident response, vulnerability assessment, and penetration testing.
• Proficiency in security compliance, auditing, and policy development.
• Strong understanding of security architecture principles and technologies.
• Hands-on experience with security tools and technologies, including SIEM, IDS/IPS, firewalls, and antivirus solutions.
• Familiarity with identity and access management solutions and practices.
• Strong Technical abilities to assess, repair and implement Server and Infrastructure related kit.