The Information Security Engineer is responsible for safeguarding the organisation's information systems against unauthorised access, modification, or destruction. This role combines hands-on security operations with the design and implementation of secure network and system architectures, ensuring proactive threat detection and effective incident response.

Key Responsibilities

Security Architecture & Engineering

• Design, implement, and maintain robust security infrastructure across the organisation.
• Develop and deploy secure network architectures and system configurations aligned with best practices.
• Implement and manage security tools and platforms to protect systems and data.

Monitoring & Threat Management

• Perform continuous monitoring of networks and systems to detect potential threats.
• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Ensure rapid identification, analysis, and response to security incidents.

Incident Response & Risk Mitigation

• Establish and maintain incident response protocols and procedures.
• Investigate security breaches and implement corrective actions to prevent recurrence.
• Develop automated solutions to mitigate vulnerabilities and streamline security operations.

Collaboration & Governance

• Work closely with IT teams to define and enforce security standards, controls, and configurations.
• Support the selection and deployment of security technologies aligned with business needs.
• Ensure compliance with internal policies and relevant regulatory requirements.

Training & Awareness

• Educate and train staff on information security policies, procedures, and best practices.
• Promote a security-first culture across the organisation.

Qualifications & Experience

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Relevant certifications preferred: CISSP, CISM, CEH, CompTIA Security+, GSEC, or similar.
• Proven experience as an Information Security Engineer or in a similar role.
• Hands-on experience with penetration testing and security assessment techniques.
• Strong understanding of firewalls, proxies, SIEM, antivirus, and intrusion detection/prevention systems (IDPS).
• Experience identifying, analysing, and mitigating network vulnerabilities.
• Working knowledge of programming/scripting languages such as Python, SQL, Perl, Ruby, or Go.

Skills & Competencies

Technical Skills

• Strong knowledge of networking protocols and infrastructure (routing, firewalls, IDS/IPS, encryption, load balancing).
• Experience with Active Directory and Linux system administration.
• Proficiency with vulnerability management and security tools (e.g. Greenbone, OpenVAS, Nessus, Intune, PingCastle).
• Up-to-date knowledge of cybersecurity trends, threats, and risk management practices.

Behavioural Competencies

• Strong analytical and problem-solving abilities.
• Ability to work effectively under pressure and respond to incidents accurately.
• Excellent communication and presentation skills.
• Ability to translate complex technical concepts for non-technical stakeholders.
• Strong project management and prioritisation skills.