Job Overview
About the Position
The Senior Security Engineer plays a role in identifying, assessing and mitigating vulnerabilities in the organization's systems, networks, and applications. This role involves conducting comprehensive technical assessments, defining security requirements for new systems, and integrating security measures throughout the system development lifecycle. The Senior Security Engineer will collaborate closely with cross-functional teams to implement appropriate measures and protect our systems from potential threats.
Key Accountabilities
- Conduct vulnerability scans and assessments across systems, applications, and networks using automated tools and manual techniques.
- Analyze scan results, prioritize vulnerabilities based on risk and impact, and provide actionable recommendations for remediation.
- Maintain an up-to-date inventory of vulnerabilities and the status of remediation efforts.
- Design and automate processes for vulnerability management and threat intelligence to ensure that the current risk situation is being monitored continuously.
- Develop and maintain documentation for vulnerability management processes, including policies, procedures, and reporting.
- Drive actionable metrics and reporting for operations and leadership transparency.
- Stay current with emerging threats, vulnerabilities, and security trends to provide informed recommendations.
- Prepare and present vulnerability management reports to stakeholders, including risk assessments and compliance status.
- Assist in incident response activities as needed, particularly related to vulnerabilities and exploits.
- Participate in security awareness training and promote best practices within the organization.
Networking/Key relationships
- Collaborate with IT teams and stakeholders to track and facilitate the remediation of identified vulnerabilities.
- Facilitate communication and coordination between internal teams and external vendors to ensure timely resolution of identified vulnerabilities.
- Build strong partnerships with technical teams to promote best practices for managing vulnerabilities.
Minimum Knowledge & Experience required for the position:
- Bachelor's degree in Computer Science, Cybersecurity or related field.
- A minimum of 3 years of proven experience in vulnerability management and/or threat monitoring.
- Advanced experience with vulnerability scanning tools and other security testing tools (e.g., Nessus, Qualys, Rapid7, Invicti).
- Proven record of automation for vulnerability orchestration processes.
- Practical knowledge of threat modeling and threat hunting.
- Solid knowledge of web application security threats.
- Good scripting skills (e.g., PowerShell, Python).
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS Controls, HIPAA) is a plus.
- Certifications in the cybersecurity area (e.g., CISSP, CISM, CEH, CompTIA Security+) are a plus.
Skills & Capabilities:
- Teamwork and collaboration
- Strong analytical and problem-solving skills with attention to detail
- Ability to work independently managing assigned projects
- Adaptable to change
- Integrity and trust
- Time management
- Fluent English in verbal and written communication
Travel requirements:
1% of time