Senior Security Engineer at Sendy Limited

About The Role

Security Engineers are tasked with building and maintaining security infrastructure for Sendy’s application platforms. They work closely with the engineering teams responsible for running and maintaining our infrastructure.

Key Duties and Responsibilities

• Plan, scope and budget individual cyber review assignments including continuous cyber security scans of the Company’s technical environment.
• Lead the planning process of cyber reviews in conjunction with the Head of Information Technology. 
• Coordinate control related activities together with related IT governance functions including cyber security  assessment and related findings and provide input to the management committee.
• Develop cyber assessment plans of assigned cyber assurance and advisory services based on the annual cyber security based plan focusing on the key critical risk areas.
• Execute cyber security as per the set plans and in accordance with policies, procedures and best practice as might be necessary.
• Manage and align assignment resources, efforts and goals; identify and remove barriers in order to achieve optimal results. 
• Review working papers in line with recommended cyber security standards ensuring proper identification, development, and documentation of cyber security issues and recommendations using independent judgment.
• Review and draft timely cyber security reports for senior management ensuring all the conclusions provide high-level assurance, reduce risk and/or create positive change. 
• Liaise with departmental heads to ensure findings and recommendations are accepted and implemented
• Provide consultancy services to project teams on cyber risks, system controls and best practices while maintaining independence. 
• Provide advice and effective challenge to internal stakeholders regarding the implications on the IT control environment on business strategy and operating environment.
• Undertake to assist in investigation of cases of internal and external cyber frauds, as requested.
• Strong collaboration with other lines of cyber defence to provide integrated assurance.
• Review procedures, processes and records to ensure they are in line with the cyber security objectives and appraise policies and plans of activities, departments and functions under review.
• Oversee cyber secrity and inspection plans, schedule and review of work-papers.
• Develop sustainable and re-useable data analytics models and programs to improve the efficiency of the cyber security program and to improve coverage.
• Build and maintain dashboards and common data sets regularly required by audit delivery teams.
• Liaise with external cyber security consultants and other regulatory monitoring agencies and implement recommendations to improve technological controls, promote growth and ensure compliance with the law, applicable legislation and regulatory framework.
• Strong relationships and communications with Senior management to ensure concerns are addressed and expectations met.
• Provide ongoing coaching and feedback to direct reports.
• Identify development and training needs and develop plans to satisfy areas identified.

About You

• Knowledgable on cyber security frameworks such as NIST and ISO27000 series.
• Hands on cyber security assessments including vulnerability management penetration testing, cyber incident management and system recovery.
• Experience with cyber security tools including but not limited to vulnerability managers, SIEM, SOAR, exploitation suites, IPS/IDS database activity monitoring tools, malware management tools among others.
• Experience in cyber security regulations and guideline.
• Experience in cyber security policy formulation.
• Experience with cloud security architectures and technologies
• Experience identifying and mitigating security issues in production services and in pre-production planning
• Experience working on highly distributed and scalable systems
• Experience designing, deploying, and managing tools that automate security functions.

Technical Competencies

• 5+ years of relevant work experience in a busy IT Environment with clear understanding of every field of IT and an appreciation for emerging Technologies.
• Experience with Cloud security (AWS, GCP,, etc.)
• DevOps and configuration management with tools like Terraform, Ansible, etc.
• Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Ethical Hacking.
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk. 
• Experience with IPS/IDS, SIEM, DLP, Active Directory and other security technologies. 
• In-depth familiarity with security policies based on industry standards and best practices
• Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
• Identity and Access Management policy application and enforcement
• Advanced knowledge of Linux, MacOS, Windows operating systems
• Experience hardening operating systems
• Advanced programming experience (Java, Python, Golang, Bash, etc.)
• Experience with the Linux kernel and Linux software packaging
• Project management skills preferred.
• Passionate and eager to learn.

What we offer

• Comprehensive health insurance – Inpatient / Outpatient / Dental / Optical.
• Flexible vacation.
• All risk Insurance
• Office lunch
• Opportunity for company stock options