JOB DESCRIPTION:  Job Title:             &nbs...

JOB INDEX - 6 months ago - Job Mail

6 months ago

Security Engineer (level 2)

JOB DESCRIPTION:

 

Job Title:                                 Security Engineer (Level 2)

Employment Type:                Permanent

Work Location:                      Johannesburg

JOB ROLE

As a Security Engineer your main responsibility will be to support the maintenance and protection of an organization\'s information systems and networks.

You will assist in monitoring, detecting, and responding to potential cyber threats and incidents.

In addition, you will be required to support the implementation and maintenance of network security measures within an organization.

You will also be required to assist with professional services projects as the lead engineer or to assist the lead engineer.

 

ROLES AND

RESPONSIBILITIES:

  • Investigate security incidents and provide timely response and resolution.
  • Maintain security controls and technologies, such as firewalls, intrusion detection/prevention systems, endpoint protection, and data loss prevention.
  • Collaborate with cross-functional teams to develop and implement security best practices and policies.
  • Assist in the development and maintenance of security documentation, including incident response plans and standard operating procedures.
  • Stay updated with the latest security threats, vulnerabilities, and industry trends to enhance the organization\'s security posture.
  • Provide support and guidance to end-users regarding security-related concerns and best practices.
  • Participate in security incident response activities, including containment, eradication, and recovery.
  • Contribute to security awareness and training programs for employees.

         L2 Ticket handling/Level 2 Support Cases:

  • Incident Response and Investigation: Lead the response and investigation of security incidents, conducting root cause analysis, and coordinating with relevant teams to contain and mitigate the impact.
  • Security Infrastructure Management: Manage and maintain security infrastructure, which includes firewalls, intrusion prevention systems (IPS), secure web gateways, and other security devices. They configure and fine-tune security systems to ensure optimal performance and effectiveness.
  • Vulnerability Management: Take charge of vulnerability scanning, assessment, and remediation. They collaborate with relevant teams to prioritize and address vulnerabilities.
  • Security Architecture and Design: Assist in designing and implementing security solutions, including network security architecture, secure remote access solutions, identity, and access management (IAM) systems, and encryption mechanisms.
  • Security Policies and Procedures: Level 2 Security Engineers contribute to the development and implementation of security policies, standards, and procedures. They ensure compliance with applicable regulations and industry best practices.

EXPERIENCE:

  • 2-5 years’ experience.
  • A deep understanding of various security technologies, tools, and frameworks. This includes experience with firewalls, intrusion detection/prevention systems, network security, secure coding practices, secure protocols, encryption, vulnerability assessment tools, and incident response procedures.
  • Strong experience in incident response and investigation is crucial at this level. Hands-on experience in leading and coordinating incident response activities, conducting root cause analysis, and implementing measures to prevent similar incidents in the future.
  • Solid experience in designing and implementing secure architectures for networks, systems, applications, and cloud environments. This involves a thorough understanding of security best practices, industry standards, and regulatory requirements.
  • A solid understanding of compliance requirements and be able to ensure that systems and processes align with relevant standards.
  • Team Collaboration and Leadership: Level 2 security engineers often need to collaborate with cross-functional teams, provide mentorship to junior staff, and lead security initiatives. Therefore, experience in effectively communicating and working with stakeholders from different departments is valuable.
  • Continuous Learning and Industry Awareness: Given the constantly evolving nature of cybersecurity, a Level 2 security engineer should demonstrate a commitment to continuous learning. Staying updated with the latest security threats, technologies, and industry trends is crucial to effectively mitigate risks and implement proactive security measures.

COMPETENCIES:

  • Excellent analytical and problem-solving skills, with the ability to think strategically and tactically.
  • Technical Expertise: Advanced knowledge and skills in various areas of information security, including network security, systems security, application security, cryptography, incident response, secure coding practices, vulnerability management, and security architecture. Proficient in using security tools and technologies, a solid understanding of different operating systems, networking protocols, and cloud platforms.
  • Incident Response and Investigation: Ability to lead and coordinate the response to security incidents. This involves strong analytical and problem-solving skills, as well as the ability to conduct thorough investigations, perform root cause analysis, and implement corrective measures to prevent future incidents. Be familiar with incident response frameworks and have experience in managing and mitigating complex security incidents.
  • Security Architecture and Design: Competency in security architecture and design involves the ability to assess system requirements, identify security risks, and develop and implement effective security controls. Have a deep understanding of security 
  • principles, frameworks, and best practices. Design secure architectures for networks, systems, applications, and cloud environments, considering factors such as scalability, resiliency, and compliance requirements.
  • Compliance and Risk Management: Understand and apply relevant security standards, regulations, and compliance frameworks. This includes knowledge of frameworks such as ISO 27001, NIST, PCI-DSS, or HIPAA. Conduct risk assessments, identify vulnerabilities and risks, and develop strategies to mitigate them effectively. Understand privacy regulations and data protection practices.
  • Communication and Collaboration: Strong communication and collaboration skills are essential. Effectively communicate complex security concepts to technical and non-technical stakeholders, both orally and in written form. Collaboration with cross-functional teams, such as IT teams, developers, and management, is often required to implement security measures and initiatives successfully.
  • Leadership and Mentoring: Responsible for mentoring and providing guidance to junior engineers. Therefore, they should possess leadership skills, including the ability to motivate, inspire others, and delegate tasks.

QUALIFICATIONS:

  • A bachelor\'s degree in computer science, information security, cybersecurity, or a related field is typically preferred. The degree should provide a strong foundation in security principles, network architecture, programming, and systems administration.
  • Certified in Fortinet NSE 5. (NSE 6 advantage. Engineer will be required to do this in their first 12 months in the role) Any other equivalent/similar technology certification will be considered.
  • Certifications: While not always mandatory, certifications can enhance the qualifications. Common certifications include:
  • Certified Information Security Manager (CISM)
  • ITIL
  • COBIT 5
  • TOGAF
  • ISC2 CC
  • N+
  • S+

KNOWLEDGE:

  • Knowledge of Standards and Regulations: A strong understanding of relevant security standards, regulations, and frameworks, such as:
- ISO 27001/27002

- NIST Cybersecurity Framework

- PCI-DSS (Payment Card Industry Data Security Standard)

- HIPAA (Health Insurance Portability and Accountability Act)

- GDPR (General Data Protection Regulation)

- Industry specific regulations and compliance requirements

PACKAGE & REMUNERATION:

  • Negotiable depending on Qualifications and Experience.