Cybersecurity Engineer

Our Mission

Avertra's mission is to Simplify Life — automating complex decision-making for customer-centric industries including Utilities, Financial Services, Logistics, and Commerce. We are solving today's toughest enterprise challenges, directly improving the employee and customer experience.

What We Promise You

• Join a global family of passionate people building a sustainable, scalable ecosystem guided by logic and empathy.
  
• Be empowered to drive meaningful change and innovate at every level.
  
• Receive genuine investment in your growth — mastery of your domain and a path to excellence.
  

Role Overview

The Cybersecurity Engineer is a senior technical role responsible for implementing and evolving Avertra's IT security framework across our cloud-native infrastructure and application landscape. You will protect the organization's systems, data, and operations while maintaining continuous compliance with industry and regulatory standards.

Threat Detection & Incident Response

• Conduct continuous network monitoring and intrusion detection using IDS/IPS, SIEM, NAC, HBSS, and vulnerability management tooling.
  
• Correlate activity across networks, applications, and systems to identify unauthorized access patterns, trends, and emerging attack vectors.
  
• Triage and document security alerts; produce formal incident reports with actionable remediation steps.
  
• Research emerging threats and CVEs; assess applicability and risk to the organization.
  

Vulnerability & Configuration Management

• Plan, execute, and manage enterprise vulnerability scans across cloud infrastructure, containers, and application layers.
  
• Identify and resolve false positives; perform compensating controls analysis and validate control efficacy.
  
• Enforce configuration and hardening standards across compute, networking, and application environments.
  
• Produce vulnerability, configuration, and coverage metrics to demonstrate assessment coverage and remediation effectiveness.
  

Security Engineering & Controls

• Implement and maintain security controls across cloud infrastructure, identity management, and application layers.
  
• Integrate security tooling into development and deployment pipelines to enable a secure-by-default engineering culture.
  
• Recommend and implement security controls and corrective actions to mitigate technical and business risk.
  
• Develop and enforce security standards across systems, software, and networking components.
  

Compliance & Governance (SOC 1/2 · PCI DSS)

• Act as the primary point of contact for SOC 1, SOC 2, and PCI DSS audit engagements.
  
• Design and maintain compliance controls, gather evidence, and drive audit readiness across all trust service criteria.
  
• Scope and segment the PCI Cardholder Data Environment (CDE) and ensure appropriate network segmentation.
  
• Manage audit trails, access reviews, change management procedures, and data classification policies.
  
• Establish and govern the IT risk and compliance framework; manage third-party and vendor risk.
  
• Recommend improvements to the Information Security Program, reporting findings to the Information Security Officer.
  

Reporting & Policy

• Generate executive-ready reports on assessment findings and summarize to facilitate remediation across teams.
  
• Manage and maintain security policies and procedures organization-wide.
  
• Perform periodic security and compliance-related reviews and audits.
  

Experience & Education

• 5–8 years of experience in IT Security, Controls, or Auditing
  
• Bachelor's degree in Computer Science, Information Technology, or a related field
  

Technical Skills

• Threat analysis: malicious activity identification, TTPs, attacker behavior analysis
  
• Network & protocol security: TCP/IP, UDP, IPSEC, HTTP/S, DNS, TLS — vulnerabilities and remediation
  
• Security engineering: cryptography, authentication protocols, PKI, application and API security
  
• Cloud security: Azure Defender, Entra ID / RBAC, Private Endpoints, WAF, DDoS Protection, Key Vault
  
• Container & Kubernetes security: image scanning, RBAC, Pod Security Standards, network policies, runtime protection
  
• DevSecOps: CI/CD pipeline security integration, IaC scanning, secrets scanning and management
  
• SIEM & monitoring: Azure Sentinel or equivalent — alert tuning, playbooks, log aggregation
  
• Application security: OWASP Top 10, SAST/DAST tooling (Snyk, SonarQube, OWASP ZAP), dependency and supply-chain security
  
• Compliance tooling: SOC 2 evidence management platforms, PCI DSS scoping and controls
  

Professional Skills

• Strong analytical and risk-based decision-making capability
  
• Ability to translate technical risk into business language for executives and auditors
  
• Influencing skills — ability to drive a secure-by-default culture across engineering and operations teams
  
• Excellent written and spoken English; skilled at producing clear technical documentation and reports
  
• Customer-focused mindset with a commitment to high-quality, timely outcomes
  
• Proficient with Microsoft Office (Word, Excel, PowerPoint)
  
• Strong multi-tasking and remote collaboration capabilities
  

Work Details

• Schedule: Monday – Friday, 10:00 AM – 7:00 PM (or as agreed with supervisor - will be hybrid based on demand)
  
• Travel: Up to 15%
  

• ISO/IEC 27001 Lead Implementer or Auditor
  
• Certified Ethical Hacker (CEH) or OSCP
  
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  
• CISSP, CISM, or CompTIA Security+
  
• PCI Internal Security Assessor (ISA) or PCIP
  
• Experience with GRC/continuous compliance platforms (Vanta, Drata, Tugboat Logic)