A leading company is seeking a skilled professional responsible for enhancing security measures in high-demand infrastructure projects. The ideal candidate will have substantial experience in security technologies, be able to analyze threats, and effectively manage incident responses. Applicants should hold a degree in Computer Science and possess relevant certifications. Join a dynamic team committed to innovative security solutions.
Job Description
● This role will be responsible for crafting and building security requirements to support a variety of high-demand infrastructure projects.
● Operate security products and devices such as CyberArk, CrowdStrike, Qualys, ETP, Netskope, Trend Micro, Symantec Endpoint Protection, DAM, etc.
● Engineer, implement, and monitor security measures for the protection of on-premise infrastructure.
● Analyze threats and current security controls to identify gaps in the current defense posture.
● Contribute to systems incident response and event handling with the outsourced MSS provider.
● Perform maintenance and system upgrades including service packs, patches, hotfixes, and security configurations with support from third parties.
● Define security requirements based on SPH risk assessments and document Security Standards and Procedures for on-premise technologies and public cloud.
● Run monthly patching and vulnerability scans for infrastructure using vulnerability scanners.
● Run CIS hardening scans for Windows and Linux OS.
● Provide Level-1/2 support and troubleshooting to resolve issues for security-related devices.
● Work within established configuration and change management policies to ensure awareness, approval, and success of changes made to the security devices.
● Select and implement security tools, policies, and procedures in conjunction with the company’s security team.
● Liaise with vendors and other IT personnel for problem resolution.
● Generate and share weekly/monthly reports with management.
C. Job Profile
Required Work Experience, Skills and Knowledge
● 4 to 6 years of experience operating security technologies, such as SIEM, EDR, EPP, Cloud Proxy, PAM, Scanning tools, ETP, DAM, etc.
● 4 to 6 years of infrastructure security experience working with major firewall or security platforms (Fortinet, CyberArk, CrowdStrike, Qualys, ETP, Netskope, Trend Micro, Symantec Endpoint Protection, DAM, etc.).
● 2 to 4 years of experience operating with public and private cloud, preferably AWS.
● Knowledge of AWS security, governance, and compliance services such as GuardDuty, Security Hub, Trusted Advisor, AWS Firewall, AWS Shield, CloudTrail, etc., would be a plus.
● Strong knowledge of networking – either classic (switching, dynamic routing protocols, static and rule-based routing, etc.) or cloud (VPC, peering, gateways, SD-WAN secure fabric).
● Good understanding of encryption and tunneling protocols (PKI, IPSec, SSL VPN, TLS, IKE, IKEv2, etc.).
● Familiarity with cloud technologies and infrastructure virtualization (IaaS, PaaS, SaaS, NFV, SDN, SD-WAN).
● Understanding of CIS baseline security requirements and platform hardening principles.
● Experience in creating SOP documents, diagrams (Visio), and presentations (PowerPoint).
● Knowledge of the ITIL framework and principles.
Required Competencies
● Excellent communication, interpersonal, and problem-solving skills.
● Team player and self-motivated.
● Familiarity with project management approaches, tools, and phases of the project lifecycle.
● A pragmatic and flexible mindset to succeed in an ever-changing and dynamic environment.
● Ability to learn and adapt to new technologies.
● Ability to proactively carry out tasks independently.
Required Qualifications
● Certified Security Product Professional (CyberArk, CrowdStrike, Qualys, etc.)
● Any security product certification would be a plus.
● University degree in Computer Science or a related field.