Security Engineer

• Develop and maintain security standards and processes to support compliance requirements.
• Oversee cybersecurity operations and ensure alignment with internal policies and external regulations.
• Review product designs and system changes to identify and resolve security gaps.
• Prepare and manage audit readiness for frameworks such as SOC2 Type 2 and HiTrust.
• Define strategy for cybersecurity audits from development, operations, and security perspectives.
• Manage security tooling, implement vulnerability scanning and penetration testing cycles, and ensure remediation of issues.
• Produce compliance and audit documentation for clients and regulators.

• Plan, deploy, and maintain IT systems and cloud infrastructure with a security-first approach.
• Detect and prevent vulnerabilities across networks, cloud environments, and applications.
• Define secure hardware and software standards in collaboration with stakeholders.
• Support disaster recovery and crisis management processes, ensuring business continuity.
• Work with IT and DevOps teams to optimise vendor solutions and enforce security baselines.

• Collaborate with leadership to centralise risk management and implement mitigation strategies.
• Automate security controls and support compliance across development lifecycles.
• Conduct regular reviews of security policies, processes, and infrastructure configurations.
• Address and remediate risks identified during audits or security reviews.
• Document risks, processes, and outcomes in line with compliance frameworks.

• Maintain a cybersecurity roadmap and audit calendar.
• Oversee documentation of penetration tests, vulnerability scans, and remediation plans.
• Ensure records are updated and accessible for audits and client requests.
• Maintain centralised documentation for system architecture, assets, and vulnerabilities.

Education

• Bachelors degree in Computer Science, Software Engineering, or related discipline (essential).

Professional security certifications desirable: OSCP, PNPT, CISSP, CCSP.

Experience

• Minimum 5 years in software / technology environments.
• At least 3 years focused on cybersecurity.
• Hands‑on experience with AWS (Well Architected Framework, GuardDuty, IAM, ECS / EKS, etc.).
• Proven record in penetration testing, vulnerability scanning, incident response, and security design.

• Strong understanding of automation, security engineering, and architecture design principles.
• Proficiency with observability tools (logging, monitoring, performance tracking).
• Administration of Linux / Windows environments, networking, and distributed computing.
• Knowledge of firewalls, intrusion detection / prevention, SOAR, EDR, and threat hunting.
• Familiarity with containerisation and orchestration (Docker, Kubernetes, ECS).