Expert IT Security Engineer

About the role:

Barry Callebaut Digital (BC Digital) is on a mission to lead the digital revolution in the chocolate industry, and we're looking for an Expert Security Engineer Infrastructure, dedicated to protecting Barry Callebaut's IT environment, while focusing on maintaining robust defenses against cyber threats through network and endpoint security measures. Reporting to the Director of IT Security, you will monitor cloud security and patch management for a consistent performance, preventing vulnerabilities of software across Barry Callebaut. In addition, you will act as an expert but also communicate in a very effective and easy-to-understand manner and incorporate strategic goals, (regulatory) requirements, external trends, threats and risks that must be addressed into our controls and associated working processes, technologies, skills, and procedures.

Key responsibilities:

Assist in developing and executing the vision for IT Security, aligning with the overall Security Strategy

Design, architect and implement security architectures for complex environments

Support the implementation of policies, security controls and systems to protect our environment

Design and implement a layered security approach; including identity and authentication security measures, network security measures, endpoint security measures and cloud security measures

Mentor junior engineers and foster innovation

Provide day-to-day 3rd level support for solutions in scope of IT Infrastructure Security

Gather requirements and pinpoint process and system enhancements incl. IT security best practices

Support the implementation of policies and systems to protect our IT environment

Assist in development of documentation, subject training, and other knowledge material on infrastructure security

Collaborate effectively with managed security services provides

Collaborate effectively in a globally operating team across multiple time zones to achieve shared goals and drive project success

About you:

Degree in IT/technology, data, business administration, or infrastructure security a comparable field

Minimum of 10 years of relevant working experience

Advanced knowledge of infrastructure security, layered security approaches (incl. identity and authentication, network security, endpoint security, and cloud security)

CISSP, CompTIA+ Security, or other relevant (cloud) security-related certifications are highly appreciated.

Proficient in English

Excellent knowledge in the areas of:

Network Security (E.g. Check Point, Palo Alto, Fortinet, others)

SASE and Secure Internet Access Gateways (E.g. Check Point Harmony, Permieter81, Zscaler, others)

Endpoint Detection and Response – EDR (E.g. Carbonblack, MS Defender, others)

Cloud Security: Strong knowledge of Microsoft Azure security stack (Defender for Cloud, Sentinel), and general cloud security principles.

Additional Competencies (Good Knowledge Preferred):

Endpoint Management: Tools like Microsoft Intune or similar.

Security Architecture & Design: Ability to design secure systems and evaluate architectural risks.

Security Frameworks & Best Practices: Familiarity with NIST, ISO 27001, CIS Controls, etc.

Automation & Scripting: Experience with Python, Terraform, Ansible, Azure DevOps, or similar tools.

Cloud Posture Management: Understanding of tools like Microsoft Defender for Cloud or equivalent)

Self-motivated and accountable, with a strong sense of ownership.

Collaborative mindset with the ability to align and mobilize cross-functional teams.

Analytical thinker with strong problem-solving capabilities.

Able to translate business needs into actionable security insights.

Excellent communication skills—both written and verbal—with the ability to engage technical and non-technical audiences.

Eagerness to learn and adapt to new technologies and security domains.

We offer:

Employment on a regular basis in the sweetest company in the world.

Annual bonus based on your work results.

Lunch card to be used for groceries and restaurants.

Private medical care in Lux Med (basic package fully financed by BC).

Fit Profit sports card co-financed by BC.

PPE: we care about your future, and we save money for your retirement.

Cafeteria Program as a part of Social Fund.

Group life insurance.

Hybrid working model: min. 8 days in the office a month.

As part of our work-life balance culture, we can start work between 7 am and 10 am.

Free consultation with a lawyer once a quarter.

Chocolate! Yes, surprising but we have chocolate in the office, for Christmas, BC’s Birthday, and many other occasions during the year.

And if chocolate is still not enough, you can join one of our theme clubs, where together with other employees we develop our passions and interests.

Daily delivery of fresh fruits and veggies to the office.

You can purchase our sweet products with a special discount.

Relax zone in the office and plenty of options to choose from: PlayStation 5, football table, pool table, Ping-Pong, library, table games, and massage chairs.

Sport @work? Sure! We have treadmills and indoor exercise bikes with a laptop station.

We like to party as much as we like chocolate! We have integration budgets we can use for team events.

Forever Chocolate and Event Team: you can join them and have a real influence on social life in BC and CSR activities.