Security Engineer

ISA is a premier technology solution provider for the Aviation industry. We are backed by Air Arabia and headquartered in Sharjah, UAE.(www.isa.ae )ISA (Information Systems Associates) is a premier in the field of Information Technology providing best-of-breed technology solutions for the global travel and aviation industry since 2005. We offer a wide range of tailor-made aviation technologyWe are hiring Pune, India.Job Title: Security Engineer Job Type: Full-time Reports To: Security ArchitectJob Overview:We are seeking ahighly skilled Security Engineerto design, implement, and manage the security architecture of our organization. The ideal candidate will be responsible forfirewall and endpoint security, WAF implementation, VAPT, fraud investigation, dark web monitoring, brand monitoring, email security, and compliance enforcement . The role requires expertise in securing IT infrastructure, conducting risk assessments, ensuring compliance, and implementingMicrosoft security layersto strengthen the organization's security posture.Key Responsibilities:1. Firewall, Endpoint & WAF Security Design, configure, and managefirewalls(Palo Alto, Fortinet, Cisco ASA, Check Point). Deploy and maintainWeb Application Firewalls (WAF)for web security (Cloudflare, Imperva, AWS WAF). ImplementEndpoint Detection & Response (EDR)solutions likeMicrosoft Defender for Endpoint, CrowdStrike, SentinelOne . Conduct regular firewall rule audits, optimize configurations, and enforceZero Trust principles .2. Microsoft Security Layer Implementationa. Microsoft Email Security Configure and manageMicrosoft Defender for Office 365to protect against phishing, malware, and email threats. ImplementSafe Links, Safe Attachments, and Anti-Phishing policies . Monitor and respond to email security alerts inMicrosoft Security Portal . Conductemail security threat huntingusing Defender for O365 and advanced hunting queries. b. Microsoft Endpoint Security Deploy and manageMicrosoft Defender for Endpoint (MDE)to protect corporate devices. Enforceattack surface reduction (ASR) rulesfor endpoint protection. Configureendpoint compliance policiesusingMicrosoft Intune . ImplementDLP (Data Loss Prevention) policiesto prevent data exfiltration. c. Compliance & Risk Management Implement and monitorMicrosoft Purview Compliance Managerfor risk assessment. EnforceInformation Protection & Encryption Policiesusing Microsoft Purview. Configure and manageConditional Access PoliciesinMicrosoft Entra ID . Ensure compliance with security frameworks likeISO 27001, NIST, CIS, and GDPR . 3. Dark Web Monitoring & Brand Protection Monitordark web forums, marketplaces, and underground networksfor stolen credentials, data leaks, and insider threats. Implementdark web intelligence toolssuch as Recorded Future, Digital Shadows, or Microsoft Defender Threat Intelligence. Work withthreat intelligence platformsto detect and respond tobrand impersonation, phishing sites, and fraudulent domains . Collaborate withlegal and compliance teamsto enforce takedowns of malicious content.4. Fraudulent Incident Investigation & Threat Hunting Investigatefraud incidents, phishing attempts, and business email compromise (BEC) . Conductforensic analysison compromised endpoints, servers, and email accounts. Develop and implementthreat intelligence and threat huntingprocesses. Work closely withSOC teams for incident response and mitigation .5. VAPT & IT Security Operations PerformVulnerability Assessments & Penetration Testing (VAPT)on infrastructure, applications, and cloud environments. Implement and manageintrusion detection/prevention systems (IDS/IPS) . Monitor, analyze, and mitigate vulnerabilities fromexternal and internal security scans . Work with teams to remediate vulnerabilities and harden IT assets.6. IT Security & Compliance Management Develop and enforcesecurity policies, standards, and procedures . ImplementZero Trust Architecture and IAM policies . Conduct security awareness training and phishing simulations. Ensure compliance withISO 27001, NIST, CIS, PCI-DSS, GDPR, and other industry standards .Required Qualifications & Skills:Technical Skills:✅Firewall & Network Security:Palo Alto, Fortinet, Cisco ASA, Check Point ✅Microsoft Security Stack:Defender for Endpoint, Defender for Office 365, Intune, Purview Compliance ✅Endpoint Security & EDR:Microsoft Defender, CrowdStrike, SentinelOne ✅WAF & Web Security:Imperva, AWS WAF, Akamai, Cloudflare ✅VAPT & Red Teaming:Burp Suite, Nessus, Metasploit, Kali Linux, OWASP ZAP ✅SIEM & Threat Intelligence:Microsoft Sentinel, Splunk, QRadar, ELK Stack, MITRE ATT&CK ✅Cloud Security:Azure Security Center, AWS Security Hub, GCP Security Command Center ✅IAM & Zero Trust:Okta, Microsoft Entra ID, Conditional Access Policies, PAM ✅Dark Web & Brand Monitoring:Recorded Future, Digital Shadows, Microsoft Defender Threat IntelligenceSoft Skills:Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to work independently and in cross-functional teams. Proactive security mindsetwith attention to detail.Certifications (Preferred, but not mandatory):✔️CISSP– Certified Information Systems Security Professional ✔️CEH– Certified Ethical Hacker ✔️OSCP– Offensive Security Certified Professional ✔️CISM/CISA– Certified Information Security Manager/Auditor ✔️Microsoft Certified: Cybersecurity Architect (SC-100) ✔️Microsoft Certified: Security Operations Analyst (SC-200) ✔️Microsoft Certified: Information Protection Administrator (SC-400)Experience Required:5+ yearsof experience inIT Security, Cybersecurity, and Threat Intelligence . Hands-on expertise infirewall management, endpoint security, WAF, email security, and compliance . Strong experience infraud investigation, dark web monitoring, and brand protection . Proven ability tosecure cloud, hybrid, and on-premises environments .Please send your profiles tocareers@isa.ae