Introduction
The Mid-Level Security Engineer is responsible for designing, implementing, and maintaining security solutions to protect the organisation’s information systems and data. This role involves identifying security vulnerabilities, responding to threats, and ensuring compliance with industry standards and regulations. The ideal candidate will have a strong technical background in cybersecurity, experience with security tools, and the ability to collaborate with cross-functional teams to enhance security posture.
Description
PRIMARY RESPONSIBILITIES FOR THE ROLE
Security Operations & Incident Response
· Monitor, detect, and respond to security incidents, threats, and vulnerabilities in a timely manner.
Security Infrastructure Management
· Configure, manage, and maintain security technologies, such as firewalls, IDS/IPS, SIEM, endpoint protection, and cloud security solutions.
Risk Assessment & Mitigation
· Conduct security risk assessments, identify potential threats, and implement mitigation strategies.
Compliance & Governance
· Ensure compliance with industry regulations and frameworks such as ISO 27001, NIST, SOC 2, and GDPR.
Threat Intelligence & Vulnerability Management
· Perform regular vulnerability assessments, penetration testing, and security audits.
Secure Development Practices
· Work closely with development teams to integrate security best practices into the software development lifecycle (SDLC).
Identity & Access Management
· Manage user access controls, multi-factor authentication, and privileged access management.
Security Awareness & Training
· Educate employees on cybersecurity best practices and emerging threats.
Minimum Requirements
QUALIFICATIONS AND EXPERIENCE
· Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CISM, CEH, OSCP) are a plus.
· 3-5 years of experience in cybersecurity, security engineering, or related fields.
REQUIRED SKILLS & COMPETENCIES
Technical:
· Hands-on experience with security tools (SIEM, EDR, IDS/IPS, firewalls, etc.).
· Knowledge of network security, cloud security (AWS, Azure, GCP), and endpoint protection.
· Proficiency in scripting languages (Python, Bash, PowerShell) for automation.
· Familiarity with penetration testing techniques and tools.
· Understanding of encryption, authentication, and access control mechanisms.
· Experience with DevSecOps and CI/CD pipeline security is a plus.
Soft Skills
· Strong problem-solving and analytical skills.
· Excellent communication and collaboration abilities.
· Ability to work independently and as part of a team.
· Attention to detail and a proactive security mindset.
Desired Skills:
- Security
- CISSP
- CISM
- CEH
- OSCP