Security Engineer

Key Performance Areas

• Cybersecurity Management
• Infrastructure Management
• Risk Management and Compliance
• QMS and Documentation

Minimum education (essential):

• Engineering degree (Computer, Software, Mechanical or Electronic)

Minimum education (desirable):

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

• AWS ecosystem:
• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS / EKS
• Incident detection and response management
• Performing penetration tests and vulnerability scans against networks, infrastructure, applications, and AWS environments
• Drafting and implementing security policies, procedures, and designs

The following would be advantageous:

• ISO 14971 (risk management) compliance
• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge (essential):

• Deep understanding of automation, quality engineering, architecture methodologies, principles, and solution design
• Familiarity with operational observability, log aggregation, application performance monitoring, etc.
• Understanding of Linux / Windows server and application administration, networking, scripting, and automation, large-scale distributed architecture
• Solid knowledge of IT security (firewalls, EDR, IDS / IPS, SOAR, vulnerability scanning, forensic analysis, Threat Hunting)
• Understanding of AWS ECS & Kubernetes, containerization (Docker / Podman / Containerd), including implementation, support, and design
• Knowledge of security frameworks like MITRE or the cyber-attack kill chain
• Good knowledge of industry standards, memberships, and frameworks such as CIS and SOC 2