Application Security Engineer

Overview

The Security Engineer plays a crucial role in ensuring the security and integrity of the organization's systems and data. They are responsible for designing, implementing, and maintaining security measures to protect the organization against cyber threats and unauthorized access.

Key Responsibilities

Conduct regular security assessments and risk analysis to identify potential vulnerabilities.

Develop and implement security policies, protocols, and procedures.

Monitor network and systems for security breaches or intrusions.

Perform penetration testing to identify and address security weaknesses.

Configure and manage firewalls, intrusion detection systems, and other security tools.

Collaborate with cross-functional teams to ensure security best practices are followed.

Respond to security incidents and conduct thorough investigations.

Stay updated on latest security threats, technologies, and best practices.

Conduct security audits and compliance assessments.

Implement and manage security solutions such as encryption and multi-factor authentication.

Provide technical support and guidance to IT and other teams on security-related matters.

Conduct vulnerability assessments and manage remediation efforts.

Participate in the development and review of security policies and procedures.

Contribute to the development and implementation of disaster recovery and business continuity plans.

Proactively identify and address security concerns related to new projects and initiatives.

Required Qualifications

Bachelor's degree in Computer Science, Information Technology, or a related field.

Professional certifications such as CISSP, CISM, or CEH.

Proven experience in a security engineering or related role.

Deep understanding of security protocols and cryptography.

Experience with security tools such as SIEM, IDS/IPS, and DLP.

Strong knowledge of network security and web technologies.

Experience with security incident response and forensic investigation.

Proficiency in risk assessment and management.

Excellent understanding of security best practices and standards.

Strong problem-solving and analytical skills.

Ability to communicate complex technical concepts to non-technical stakeholders.

Experience in cloud security and DevSecOps practices.

Must know NIST Standards, HIPAA, PCI DSS, ISO 27001).

Effective time management and organizational skills.

Ability to work effectively in a fast-paced and dynamic environment.