Information Security Specialist

Overview

The Information Security Engineer is responsible for designing, implementing, and operating enterprise security controls across endpoints, networks, cloud platforms, identities, data, and applications.

The role ensures protection against cyber threats, proactive vulnerability management, and compliance with regulatory and internal security standards, while supporting business operations and transformation initiatives.

Key Responsibilities

Design, deploy, and manage endpoint security solutions (AV, EDR, XDR).

Ensure protection across desktops, laptops, servers, and mobile devices.

Manage endpoint hardening, patching, and threat response.

Support incident investigation and remediation related to endpoint threats.

Implement and manage network security controls, including:

• Firewalls (Next-Gen)
• IDS/IPS
• VPNs
• Web proxies

Monitor network traffic for threats and anomalies.

Support network segmentation and zero-trust security initiatives.

Native security services

Cloud security posture management (CSPM)

Implement identity, network, data, and workload protections in cloud.

Support cloud security architecture reviews and threat modeling.

Ensure compliance with cloud security best practices.

Manage email security platforms to protect against:

• Phishing
• Malware

Implement DMARC, DKIM, SPF, and email threat protection controls.

Investigate and respond to email-based security incidents.

Implement and manage IAM solutions, including:

• Identity lifecycle management
• Role-based access control (RBAC)
• Privileged access management (PAM)

Enforce MFA, conditional access, and least-privilege principles.

Support audits and access reviews.

Design and enforce DLP policies for:

• Email
• Cloud applications

Identify, classify, and protect sensitive data.

Investigate DLP incidents and support data protection initiatives.

Perform vulnerability scanning using enterprise tools.

Analyze findings, prioritize risks, and coordinate remediation.

Track vulnerability remediation metrics and SLA compliance.

Support penetration testing and remediation planning.

Support SOC activities including alert triage and investigation.

Participate in incident response, root cause analysis, and lessons learned.

Improve detection and response capabilities.

Support security compliance initiatives such as:

• ISO 27001
• SOC2
• GDPR
• Industry-specific regulations

Provide evidence, documentation, and remediation support for audits.

Ensure adherence to internal security policies and standards.

Required Skills & Experience

Core Technical Skills

Endpoint Security (EDR/XDR platforms)

Network Security (Firewalls, IDS/IPS, VPN)

Cloud Security (Azure / AWS / GCP)

Email Security platforms

Identity & Access Management (IAM, PAM)

Vulnerability Management tools and processes

SIEM / Security monitoring tools

Tools & Technologies (Examples)

• Endpoint: Defender, CrowdStrike, SentinelOne
• Cloud: Azure Security Center / Defender, AWS Security Hub
• DLP: Microsoft Purview, Symantec, McAfee

Soft Skills

• Strong analytical and problem-solving skills
• Clear communication with technical and non-technical stakeholders
• Ability to manage security incidents under pressure
• Proactive security mindset

Preferred Certifications

• CISSP / CISM / CISA
• CEH / Security+
• Azure / AWS Security certifications
• ISO 27001 Foundation or Lead Implementer

#J-18808-Ljbffr