Job Description
Description:
We are seeking a highly skilled Security Engineer with extensive experience in cloud security, particularly within AWS and MS365. The ideal candidate will have at least 5 years of AWS security experience and be proficient with security tools such as CrowdStrike, Coro Security or similar email security platforms, KnowBe4 and Microsoft. This role will be responsible for designing, implementing, and managing security measures that protect our AWS & MS environment and ensure the integrity, confidentiality, and availability of our data and systems.
Responsibilities:
- AWS Security Architecture: Design and implement robust security architectures and controls within AWS environments, ensuring compliance with best practices and organizational policies.
- Security Monitoring & Incident Response: Deploy and manage security monitoring tools like CrowdStrike and Coro to detect, investigate, and respond to security incidents and vulnerabilities in real-time.
- Identity & Access Management (IAM): Develop and manage AWS IAM policies, roles, and access controls to enforce least privilege and secure access to AWS resources.
- Threat Detection & Vulnerability Management: Implement and maintain advanced threat detection and vulnerability management strategies within the AWS & MS environments, utilizing tools such as CrowdStrike, Coro, MS Defender and GuardDuty.
- Compliance & Risk Management: Ensure AWS & MS environments comply with relevant security standards and regulations (e.g., ISO 27001, NIST, GDPR) and manage risk assessments and audits.
- SIEM: Perform daily system monitoring and review log data, build searches, check alarms, drill down through log sources, and identify event logs.
- Collaboration: Work closely with DevOps, engineering, and IT teams to integrate security best practices into the software development lifecycle (SDLC) and operational workflows.
- Monitoring and Analysis: Security analysts constantly monitor networks and systems for suspicious activity, security breaches, and potential vulnerabilities.
- Incident Response: They investigate security incidents, analyze their impact, and take necessary actions to contain and resolve the issue.
- Vulnerability Assessment and Penetration Testing: Identify weaknesses in systems and networks through vulnerability scans and penetration tests and then recommend solutions to mitigate these risks.
- Security Policy and Implementation: Contribute to the development and implementation of security policies, procedures, and standards to protect sensitive information.
- Security Awareness Training: Educate employees and users about security best practices, helping to prevent human error-related security breaches.
- Security Audits and Compliance: Conduct regular security audits to ensure compliance with relevant regulations and standards.
Skills and Qualifications:
- Strong knowledge of networking, operating systems, security technologies (firewalls, intrusion detection systems, etc.), and security protocols.
- Ability to analyze security logs, network traffic, and other data to identify potential threats.
- Ability to identify, analyze, and resolve security incidents and vulnerabilities.
- Ability to communicate security risks and recommendations effectively to both technical and non-technical audiences.
- Industry certifications like CISSP, Security+, or CEH can be beneficial.
Requirements: