Cyber Security Engineer

Position Title : Cybersecurity : : IT Security & Type : To : Chief Information Security Officer (CISO) / IT Security ManagerRole Overview :We are seeking a highly skilled Cybersecurity Professional to safeguard our IT infrastructure, applications, and data assets against evolving cyber threats. The role involves conducting vulnerability assessments, penetration testing, network and cloud security, compliance audits, incident response, and employee training. The ideal candidate should have hands-on expertise across prevention, detection, response, and compliance frameworks (e.g., NIST, ISO 27001, HIPAA, SOC2).Key Responsibilities :Security Assessments & Audits :- Perform vulnerability assessments and penetration tests across networks, servers, endpoints, and applications.- Conduct configuration audits of firewalls, routers, and cloud environments.- Support and maintain compliance with HIPAA, PCI DSS, SOC2, ISO 27001, GDPR, NIST.Network, Infrastructure & Cloud Security :- Configure, monitor, and manage firewalls, IDS/IPS, and VPNs.- Implement Zero Trust security models and secure remote access.- Secure cloud environments (AWS, Azure, GCP) with IAM, encryption, and monitoring.- Protect wireless and IoT networks from unauthorized access.Endpoint & Application Security :- Deploy and manage EDR/XDR solutions across endpoints.- Ensure timely patch management for all critical systems.- Perform secure code reviews, API testing, and DevSecOps integration.- Manage Mobile Device Management (MDM) for BYOD and enterprise devices.Threat Monitoring & Detection :- Operate and maintain SIEM platforms (Splunk, QRadar, ELK).- Work with SOC teams to monitor logs and detect anomalies.- Conduct threat hunting activities to uncover hidden risks.- Respond to security alerts in real time.Incident Response & Recovery :- Lead incident detection, containment, and eradication efforts.- Perform digital forensics on compromised systems.- Develop and maintain Disaster Recovery (DR) and Business Continuity Plans (BCP).- Conduct post-incident analysis and provide lessons learned reports.Identity & Access Management (IAM) :- Manage user provisioning, role-based access control, and Privileged Access Management (PAM).- Implement Multi-Factor Authentication (MFA) and Single Sign-On (SSO).- Ensure compliance with least-privilege and Zero Trust Risk & Compliance (GRC) :- Develop and enforce cybersecurity policies, SOPs, and guidelines.- Conduct risk assessments and maintain a risk register.- Collaborate with auditors for compliance certifications (SOC2, ISO, HIPAA, GDPR).- Assess and monitor third-party vendor security.Security Awareness & Training :- Deliver cybersecurity awareness training for employees.- Conduct phishing simulations and share reports.- Educate executives and stakeholders on cyber risks and strategy.Data Protection & Privacy :- Implement data encryption (at rest and in transit) and DLP controls.- Manage secure data backup and recovery processes.- Conduct Privacy Impact Assessments to ensure regulatory compliance.Key Performance Indicators (KPIs) :- 95% critical vulnerabilities remediated within SLA.- 99% uptime of security monitoring tools.- Zero major security incidents causing data loss/financial loss.- Achieve/maintain compliance certifications (SOC2, ISO 27001, HIPAA, PCI DSS).- 90% employee completion of cybersecurity awareness & Skills :Education & Experience :- 3- 7 years of experience in cybersecurity roles (analyst, engineer, consultant).- Experience working with North American/Global clients preferred.Technical Skills :- Strong knowledge of firewalls, SIEM, IDS/IPS, EDR/XDR, and IAM solutions.- Hands-on with penetration testing tools (Nmap, Metasploit, Burp Suite, Nessus, Wireshark).- Familiarity with cloud security (AWS/Azure/GCP).- Knowledge of compliance standards: HIPAA, PCI DSS, SOC2, ISO 27001, NIST CSF.- Scripting/automation in Python, PowerShell, or Bash is a plus.Certifications (Preferred) :- CEH (Certified Ethical Hacker)- CISSP (Certified Information Systems Security Professional)- CISM (Certified Information Security Manager)- CompTIA Security+ / CySA+- CCSP (Certified Cloud Security Professional)- ISO 27001 Lead Auditor (advantageous)Why Join Us?- Work on cutting-edge cybersecurity projects with global clients.- Gain cross-industry exposure in healthcare, fintech, retail, logistics, IT.- Opportunity to lead projects in cloud security, compliance, and incident response.- Competitive salary, certification sponsorship, and performance incentives. (ref:hirist.tech)