- Develop and oversee key performance indicators (KPIs) for security.
- Oversee service level agreements (SLAs) for security operations and create risk-based dashboards for reporting.
- Create and implement a comprehensive vulnerability management program, including managing activities related to vulnerability assessment (VA) and penetration testing (PT).
- Develop and implement security programs for network, server, and cloud environments, including onboarding processes and pre- and post-scanning activities.
- Conduct periodic configuration reviews based on CIS benchmarks.
- Manage the application security program by identifying and mitigating risks in collaboration with business application teams.
- Collaborate in managing the endpoint security, network security, and server security programs.
- Collaborate in managing the overall security operations management program.
- At least 3-5 years of documented work experience in security engineering.
- Prior practical knowledge of web, mobile, and cloud security.
- Hands-on experience in constructing and maintaining security measures such as firewalls, intrusion detection systems, antivirus software, authentication systems, content filtering, etc.
- Thorough understanding of IT infrastructure concepts across all layers, including Servers, Networks, End User Computing, and Cloud.
- Experience in designing and implementing risk-based information security programs.
- Hands-on experience in implementing standards such as ISO 27001, NIST, CIS, or equivalent.
- Hands-on experience in designing, implementing, and managing Data Leak Prevention programs.
- Hands-on experience in conducting application security assessments, both manual and tool-based.
- Solid understanding of OWASP, CIS, and NIST guidelines for application security.
- Experience in utilizing anti-malware solutions.
- Experience in designing security programs for cloud services, including IaaS, PaaS, and SaaS.
- Hands-on experience with native cloud security capabilities.
- Experience in implementing cloud security solutions like CASB.
- Excellent communication and presentation skills.
- Experience in collaborating with mid-level and senior-level management, with the ability to understand business processes and requirements.
- Ability to understand security risks and communicate them effectively to core technology teams and business functions.
- Preferred certifications: CISSP, CCSP, CISM, ISO 27001 LI/LA.