Security Engineer - h/f

Network Security Management

• Designing, implementing, and maintaining resilient network architectures to mitigate cybersecurity risks and vulnerabilities.
• Optimizing performance and enhancing security posture by implementing:
  • Network segmentation and deploying traffic monitoring solutions, such as Network Access Control (NAC) and Firewalls, to fortify defences against potential threats.
  • Enforce least privileged, trust access, verifying each user or machine request, by deploying Privileged Access Management (PAM) solution.

Security

• Security Systems Administration: Administer security systems, including intrusion detection/prevention systems (IDS/IPS), antivirus software, and endpoint protection solutions. Monitor security events and alerts, investigate potential threats, and implement corrective actions to mitigate risks.
• Data Protection: Safeguard sensitive information and prevent unauthorized access, transmission, or leakage of data within the bank. Implement DLP technologies and policies, ensuring compliance with regulatory requirements and industry standards.
• Vulnerability Management: Conduct regular vulnerability assessments and penetration tests to identify security weaknesses in network infrastructure and applications. Develop and implement remediation plans to address identified vulnerabilities and ensure compliance with security standards and regulations.
• Incident Response and Forensics: Respond to security incidents and breaches in a timely and effective manner. Conduct forensic analysis to determine the root cause of incidents, contain the impact, and prevent recurrence. Collaborate with internal teams and external partners to coordinate incident response efforts and restore normal operations.

Technical Documentation, Policies, and Training

• Documentation Development: Maintain comprehensive documentation of network and security configurations, policies, and procedures. Ensure documentation is kept up-to-date and accessible to relevant stakeholders for reference and auditing purposes.
• Security Policy Development: Develop and maintain security policies, standards, and procedures to guide the secure configuration and operation of network and security systems. Ensure adherence to regulatory requirements and industry best practices in information security.
• Security Awareness Training: Provide security awareness training and education to employees to promote a culture of security awareness and compliance. Develop training materials and conduct workshops to enhance understanding of security risks and best practices.