KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses. As part of the Space & Cyber Technologies cluster at EDGE, one of the world’s leading advanced technology groups, KATIM delivers trust in a world where cyber risks are a constant threat, and fulfills the increasing demand for advanced cyber capabilities by delivering robust, secure, end-to-end solutions centered on four core business units: Networks, Ultra Secure Mobile Devices, Applications, and Satellite Communications. Our talented team of cross-functional experts continually takes on new challenges. We work with the energy of a start-up yet the discipline of a large business to make solutions and products work for our customers at scale.
As a Senior Security Engineer, you will play a pivotal role in safeguarding KATIM's infrastructure and products. This position requires the design, implementation, and management of sophisticated security measures to defend against evolving threats. The ideal candidate will have a comprehensive understanding of security principles and standards, hands-on expertise with security technologies, and a proven ability to lead projects and deliver results within deadlines. Collaboration with cross-functional teams is essential to ensure that security is seamlessly integrated into every aspect of our technological framework.
Key Responsibilities
- Contribute to develop and implement robust security architectures for KATIM’s systems and applications, ensuring alignment with industry best practices and regulatory requirements.
- Create and maintain comprehensive documentation for security architectures and solutions.
- Oversee and, when necessary, contribute to the configuration and operation of a comprehensive suite of security tools and technologies, including firewalls, IDS/IPS, WAF, proxies, email security, DLP, IRM/DRM, ATP, network infrastructure, and endpoint protection solutions.
- Ensure the confidentiality, integrity, and availability of on-premise and cloud environments, servers, databases, laptops, firewalls, and other devices for secure data storage and transfer.
- Establish new network security standards, including policies, security review processes, and guidelines for routers, firewalls, switches, and wireless access points.
- Collaborate with development and infrastructure teams to integrate security best practices into system designs.
- Evaluate various solutions from a security perspective and provide assessment reports.
- Work with relevant teams to prioritize and address vulnerabilities promptly.
- Oversee the identification, assessment, and remediation of security vulnerabilities across all systems and networks.
- Review and audit security implementations to ensure compliance and effectiveness.
- Ensure compliance with industry standards, regulations, and frameworks (e.g., ISO 27001, NIST, CIS, GDPR).
- Clearly communicate security risks, incidents, and updates to management and relevant stakeholders.
- Conduct security training and awareness programs for employees to foster a culture of security within the organization.
- Stay informed about the latest security trends, technologies, and threat intelligence to continuously enhance the organization’s security posture.
- Propose and implement improvements to existing security processes and technologies.
Education and Minimum Qualification
- Bachelor's or Master's degree in Computer Science or a related field.
- 8-10 years of experience with hands-on expertise in developing, operating, and maintaining security technologies.
- Strong understanding of web application security and mobile application security.
- Familiarity with threat modelling techniques such as STRIDE, DREAD or PASTA.
- Knowledge of cryptographic tools and techniques.
- Experience with cloud security, container security and API security.
- Experience in implementing DevSecOps requirements as per ISO, NIST, CSA and CIS best practices.
- Understanding of CI/CD processes and how security can be integrated into them.
- Familiarity with DevOps and related tools such as Jenkins, GitLab, Docker, Kubernetes and Ansible.
- Experience with security tools such as DAST, SAST, SCA, and open source tools such as Burp Suite, Metasploit, OWASP ZAP.
- Familiarity with administrative tasks within popular operating systems like RHEL and Ubuntu.
Key Skills
- Excellent written and verbal communication skills.
- Strong problem-solving skills and attention to detail.
- Certifications such as CISSP, CISM, OSCP or CEH are a plus.