Senior Engineer - Security

Bachelor of Science (Computers), Master of Science (Computers)

Nationality: Any Nationality

Vacancy: 1 Vacancy

Job Description

As a Senior Security Engineer, you will play a pivotal role in safeguarding KATIM's infrastructure and products. This position requires the design, implementation, and management of sophisticated security measures to defend against evolving threats. The ideal candidate will have a comprehensive understanding of security principles and standards, hands-on expertise with security technologies, and a proven ability to lead projects and deliver results within deadlines. Collaboration with cross-functional teams is essential to ensure that security is seamlessly integrated into every aspect of our technological framework.

1. Contribute to develop and implement robust security architectures for KATIM's systems and applications, ensuring alignment with industry best practices and regulatory requirements.
2. Create and maintain comprehensive documentation for security architectures and solutions.
3. Oversee and, when necessary, contribute to the configuration and operation of a comprehensive suite of security tools and technologies, including firewalls, IDS/IPS, WAF, proxies, email security, DLP, IRM/DRM, ATP, network infrastructure, and endpoint protection solutions.
4. Ensure the confidentiality, integrity, and availability of on-premise and cloud environments, servers, databases, laptops, firewalls, and other devices for secure data storage and transfer.
5. Establish new network security standards, including policies, security review processes, and guidelines for routers, firewalls, switches, and wireless access points.
6. Collaborate with development and infrastructure teams to integrate security best practices into system designs.
7. Evaluate various solutions from a security perspective and provide assessment reports.
8. Work with relevant teams to prioritize and address vulnerabilities promptly.
9. Oversee the identification, assessment, and remediation of security vulnerabilities across all systems and networks.
10. Review and audit security implementations to ensure compliance and effectiveness.
11. Ensure compliance with industry standards, regulations, and frameworks (e.g., ISO 27001, NIST, CIS, GDPR).
12. Clearly communicate security risks, incidents, and updates to management and relevant stakeholders.
13. Conduct security training and awareness programs for employees to foster a culture of security within the organization.
14. Stay informed about the latest security trends, technologies, and threat intelligence to continuously enhance the organization’s security posture.
15. Propose and implement improvements to existing security processes and technologies.

1. Bachelor's or Master's degree in Computer Science or a related field.
2. 8-10 years of experience with hands-on expertise in developing, operating, and maintaining security technologies.
3. Strong understanding of web application security and mobile application security.
4. Familiarity with threat modelling techniques such as STRIDE, DREAD or PASTA.
5. Knowledge of cryptographic tools and techniques.
6. Experience with cloud security, container security, and API security.
7. Experience in implementing DevSecOps requirements as per ISO, NIST, CSA and CIS best practices.
8. Understanding of CI/CD processes and how security can be integrated into them.
9. Familiarity with DevOps and related tools such as Jenkins, GitLab, Docker, Kubernetes, and Ansible.
10. Experience with security tools such as DAST, SAST, SCA, and open source tools such as Burp Suite, Metasploit, OWASP ZAP.
11. Familiarity with administrative tasks within popular operating systems like RHEL and Ubuntu.

1. Excellent written and verbal communication skills.
2. Strong problem-solving skills and attention to detail.
3. Certifications such as CISSP, CISM, OSCP or CEH are a plus.