IT Security Engineer - Offensive Security

This role focuses on Offensive Security, with an emphasis on Penetration Testing to identify, exploit, and remediate vulnerabilities across systems, networks, and applications.

Summary

The Security Engineer will oversee IT security assessments for corporate desktops, servers, infrastructure applications, and networks. This role is pivotal in enforcing security policies, ensuring compliance with external audit requirements, and implementing recommendations. The engineer will also monitor alerts for anomalies or malicious activity and address audit findings.

Key Responsibilities

Vulnerability and Penetration Testing:

• Plan, execute, and follow up on vulnerability scans, penetration tests, and remediation processes across all scopes.
• Organize and manage Purple Team exercises, including remediation efforts.

Firewall and Network Security:

• Conduct annual firewall rule reviews and manage firewall rule change processes.
• Review and validate network architecture designs.

Compliance and Controls:

• Ensure adherence to IT security directives and regulatory guidelines (e.g., FFIEC, NIST).
• Perform cybersecurity controls and support continuous monitoring through Key Risk Indicators (KRIs) and Key Controls.
• Respond to internal audit findings by developing controls and documentation.

System and Host Monitoring:

• Regularly perform host discoveries to ensure all assets comply with standards and are appropriately monitored.
• Validate compliance with security patches on all servers and desktops.
• Ensure security tools (e.g., AV, DLP, patch agents) are effectively registered and monitored.

Process Optimization and Automation:

• Enhance security controls and processes through scripting, tools, and automation.
• Continuously assess risks, threats, and vulnerabilities to evolve security functions.

Awareness and Development:

• Stay updated on cybersecurity trends and industry best practices.
• Develop solutions for malware, advanced persistent threats, and other cyber risks.
• Support IT security awareness campaigns and act as a backup for the IT Security Engineering Manager.

Policy Maintenance:

• Update local policies, procedures, and standards.

Management and Reporting

• Reports to: Director of IT Security Engineering.
• Internal Contacts: Collaborates with IT, security, and audit teams.
• External Contacts: Engagements vary by project or incident, involving IT, business, and management stakeholders.