Job Description
ASSOCIATE ENGINEER - INFORMATION SECURITY
A key role in monitoring networks for potential threats, implementing software to protect against online vulnerabilities, documenting security breaches, and reporting issues. If you are interested in joining our team and meet the requirements below, this opportunity is for you!
Key Responsibilities:
- Managing and maintaining the Security Information and Event Management (SIEM) system to ensure proactive threat detection and response.
- Monitor and respond promptly to information security incidents maintain with minimal Mean Time to Contain (MTTC) through collaboration with the 24/7 Security Operations Center (SOC) to ensure timely resolution and risk mitigation.
- Continuously monitor and review all internal records associated with the Information Security Management System (ISMS) to ensure compliance with ISO 27001 standards.
- Conduct periodic vulnerability testing and penetration assessments for all internal and external CSE web applications, mobile applications, all internal servers and desktops to identify and mitigate potential security risks.
- Manage and monitor Endpoint Security, Encryption, and Data Loss Prevention (DLP) systems to safeguard organizational data.
- Assist in the preparation and coordination of internal and external audits related to the ISO 27001 Information Security Management System and Information security projects.
- Support the organization's information security awareness sessions to promote a culture of security consciousness among staff.
Key Requirements:
- A bachelor's degree in information technology, Engineering, IT Security or Cyber Security.
- Minimum of 03 years’ experience in assisting, managing or maintaining of Cyber security operations in a technology intensive industry such as Finance, IT, ISP etc.
- Industrial Certificate such as CEH, CCNA, Cloud Security Certifications or MCSE would be an added advantage.
- Extensive hands-on experience in vulnerability assessments, penetration testing and Threat hunting with a focus on identifying and mitigating security risks.
- Hands-on experience and in-depth knowledge of vulnerability management tools, including Burp Suite, Nexpose, and Qualys Guard etc and manual testing with a proven ability to identify, assess, and mitigate security vulnerabilities across various systems and applications.
- Familiarity with DevSecOps practices for embedding security into DevOps workflows, promoting continuous security in development cycles.
- Collaborative team player who is highly organized, proactive, energetic, and maintains a positive attitude.
Send us your updated CV at careers@cse.lk within 7 days of this advertisement, and let’s explore the possibilities together!
We are an equal opportunity employer and invite all eligible candidates to be a part of the CSE Team.