Senior Information Security Engineer

Senior Information Security Engineer

Overview

We are seeking a highly motivated Senior Information Security Engineer to support and strengthen our organization's security and compliance posture. The ideal candidate will have hands-on experience with ISO/IEC 27001, security operations, vulnerability management, risk assessments, and incident response, along with the ability to work cross-functionally with technical and business stakeholders.

Key Responsibilities

• Maintain and continuously improve the Information Security Management System (ISMS) in accordance with ISO/IEC 27001.
• Develop, review, and maintain security policies, procedures, standards, and supporting documentation.
• Coordinate internal, external, and surveillance audits, including corrective action tracking and closure.
• Conduct risk assessments and support risk treatment planning activities.
• Perform vendor and third-party security assessments.
• Coordinate and deliver security awareness and training initiatives across the organization.
• Manage vulnerability assessment and remediation activities, working closely with development and infrastructure teams to track and resolve findings.
• Support periodic access reviews, asset management reviews, and compliance activities.
• Monitor and investigate security events generated from SIEM, EDR/XDR, and other security solutions.
• Support incident response activities and coordinate with relevant stakeholders during security incidents.
• Assist in maintaining security controls across cloud and on-premises environments.
• Generate security metrics, reports, dashboards, and management updates.
• Collaborate with IT, DevOps, Engineering, HR, and business teams to ensure compliance with security requirements and best practices.

Qualifications, Skills & Experience

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field.
• 5 years of experience in Information Security, Cybersecurity, Governance, Risk & Compliance (GRC), or Security Operations.
• Demonstrated hands-on experience with ISO/IEC 27001 implementation, maintenance, and audit activities.
• Strong understanding of information security governance, risk management, and compliance principles.
• Experience developing and maintaining security policies, procedures, standards, and documentation.
• Experience with SIEM platforms such as Wazuh or similar solutions.
• Experience with vulnerability management tools such as Nessus, OpenVAS, or equivalent.
• Familiarity with EDR/XDR solutions such as SentinelOne or similar technologies.
• Experience coordinating security assessments, VAPT activities, and remediation tracking.
• Familiarity with identity and access management, endpoint security, and security monitoring controls.
• Knowledge of industry frameworks and standards such as ISO/IEC 27002, NIST CSF, CIS Controls, and OWASP.
• Excellent communication, documentation, and stakeholder management skills.
• Ability to independently manage security initiatives and collaborate across departments.

Preferred Certifications

• ISO/IEC 27001 Lead Implementer
• ISO/IEC 27001 Lead Auditor
• CISM
• CISSP
• CEH
• Other relevant cybersecurity certifications

A Culture of Belonging

At our core, we value diversity and inclusion. As an equal opportunity employer, we are dedicated to creating a workplace where every voice is heard, every person is respected, and everyone has the opportunity to succeed.