Job Description
About the Role
The Security Engineer will be responsible for the following:
- Actively participate in the identification, investigation, and remediation of security incidents.
- Work closely with the Senior Security Incident Manager and Senior Security Engineer to mitigate issues / risks (including internal security incidents and escalated incidents from a third-party SIEM provider).
- Work with Business and Infrastructure teams to support security incidents (e.g., IT Operations, Cloud Platform Engineering, Site Reliability Engineering).
- Manage and enhance the organisation’s penetration testing and vulnerability management processes, ensuring a proactive approach to identifying and mitigating security risks.
- Recommend security control improvements, which are commensurate with the risk profile of systems and data.
- The Security Engineer role will report to the Head of Information Security. The Security Engineer role will engage with stakeholders both locally and globally.
Key Accountabilities
- Partner with software engineers and Cloud Platform Engineering to identify / remediate Infrastructure-as-Code (IaC) misconfigurations, API security weaknesses, and cloud native design flaws.
- Implement and co-ordinate containment actions in the event of an incident (e.g., isolating affected systems, blocking malicious IPs/domains).
- Optimise and integrate information security processes / toolsets (including security incident management, vulnerability management, data loss prevention).
- Communicate technical issues to non-technical stakeholders and manage internal / external stakeholder expectations to agreed criteria (including influencing, negotiating, and providing advice).
- Review and implement security controls for platforms, with Business and Infrastructure teams.
- Advocate for improvements / modifications to existing patch management policies and schedules, to ensure critical / high vulnerabilities are addressed in a timely manner.
- Develop and coordinate remediation plans, to reduce PointsBet’s attack surface / risk exposure.
- Contribute to the identification of emerging threats, and develop preventative security measures.
Skills & Core Competencies
- Strong project management skills, and proficient in coordinating with cross-functional teams.
- Demonstrate an understanding of the life cycle of threats, attack vectors, and methods of exploitation.
- Demonstrate an understanding of intrusion set tactics, techniques, and procedures.
- Strong understanding of security principles, practices, and technologies.
- Exhibit good written and verbal communication skills with PointsBet peers and management.
- Experience in working on cloud platforms, with a strong preference for the Microsoft Azure platform.
- Significant experience in identifying and responding to threats (both internal and external), vulnerability management, email analysis, risk assessment, log analysis, threat intelligence, and cloud monitoring.
- Expertise in using Microsoft Defender and third-party SIEM tools to manage and respond to critical security incidents.
- Identify control gaps and recommend modifications / remediations to address areas that affect PointsBet (including legal, compliance / regulatory, and preventative / detective security controls).
Essential Skills
- Four plus (4+) years of experience working in the security domain and incident response.
- Participate in security processes (including creation and improvement).
- Promote a strong security risk culture (including education and awareness).
- Assist in the development and implementation of security documentation.
- Ability to detect, respond to, and mitigate security incidents.
- Experience using: Microsoft Azure platforms (including Entra, Intune, Defender, Cloud Apps, DevOps, Kubernetes Service, Windows Subsystem for Linux, Event Hubs, App Services [API, Function, Logic, Web], Virtual Machines, databases [SQL, Cosmos, Databricks]), Microsoft Defender Cloud, Wiz, and Cloudflare.
- Knowledge of technologies (including firewalls, IDS / IPS, email security tools, device compliance, application restrictions, data protection, and network / endpoint protection).
- Sound understanding of security processes (e.g., access management, vulnerability / patch management).