Security Engineer

Overview of the position

In this role, you’ll help support Enhesa’s cybersecurity infrastructure by putting strong security controls in place, deploying innovative security solutions, and digging into security incidents when they occur. You’ll play a key part in keeping our security posture strong through careful incident analysis and smart mitigation strategies.

You’ll also work closely with different teams across the company, making sure our security policies and procedures align with business goals and compliance requirements. Staying up to date on the latest cybersecurity trends and threats will be important, and we encourage continuous learning and professional growth.

Overall, this role calls for a proactive mindset; anticipating potential vulnerabilities and taking preventive action to stop incidents before they happen.

Core responsibilities

• Implement and maintain security measures and controls.
• Monitor security systems and analyze potential threats.
• Conduct security assessments and audits.
• Develop and enforce security policies and procedures.
• Participate in incident response activities, including investigation, documentation, and coordination of recovery efforts.

Education Level

Bachelor’s or advanced degree in computer science, artificial intelligence, mathematics, or related field or professional cybersecurity certifications in lieu of a formal degree.

Experience

At least 3 years of experience as cybersecurity professional

Required Skills

• Knowledge of networks (TCP/IP, LAN/WAN) Must possess a solid understanding of networking basics, including TCP/IP protocols, and the configuration and operation of both Local Area Networks (LAN) and wide Area Networks (WAN). Awareness of how these networks facilitate communication and the potential security implications is essential.
• Basic familiarity with the OSI (Open Systems Interconnection) model, including the understanding of its seven layers and how they contribute to network communications and cybersecurity practices.
• Security protocols, for example: (HTTPS, DNS, SMTP, FTP, SSH).
• Firewalls (IDS/IPS) familiar with the concepts and purposes of these tools.
• Understanding of information security principles, such as confidentiality, integrity, and availability.
• Spam and Malware Filtering: Knowledge about how spam and malware filtering systems work.
• Phishing and Spear Phishing: Understanding of phishing and spear phishing techniques, including how to identify fraudulent emails and preventative measures to educate end-users.
• Email Authentication: Familiarity with email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC.
• Familiarity with operating systems, especially Windows, Linux or Unix, and MacOS.
• Knowledge and familiarity with incident investigation and response processes.
• Specific Knowledge and Skills such as programming languages (Python, Powershell)
• Knowledge of securing cloud environments (AWS, Azure, GCP)
• Familiarity with concepts like IAM (Identity and Access Management), encryption in transit and at rest, and shared responsibility models.
• Understanding of securing virtual machines and containerized environments.
• Experience with Security Information and Event Management tools (e.g., Sentinel) for monitoring and analyzing security events.
• Knowledge of antivirus, EDR (Endpoint Detection and Response) solutions.
• Ability to think critically and solve problems under pressure identify appropriate datasets and drive annotation for machine learning techniques.
• Commitment to continuous learning and skill updating.