Senior IT Security Engineer

Job Summary:

We are seeking a highly skilled and experienced IT Security Engineer to strengthen and secure enterprise applications, infrastructure, APIs, and digital platforms. The ideal candidate must have strong expertise in application security, security monitoring, incident detection, and vulnerability assessment. This role requires hands-on experience in securing APIs, microservices architecture, databases, and mobile applications (iOS & Android), as well as deep understanding of cybersecurity frameworks and security operations.

Requirements:

• Bachelor’s Degree (S1) in Computer Science, Information Technology, Cyber Security, Information Systems, or related fields.
• Minimum 5 years of experience in IT Security, Cyber Security, or Security Engineering roles.
• Strong understanding and hands-on experience in: OWASP Top 10, Securing APIs and Microservices Architecture, Database Security, SIEM, EDR, MITRE ATT & CK Framework
• Experience conducting security testing and vulnerability assessment for: iOS Applications and Android Applications
• Strong knowledge of application security principles, authentication, authorization, and encryption mechanisms.
• Experience in security incident monitoring, analysis, and response.
• Familiar with penetration testing, vulnerability scanning, and threat hunting activities.
• Strong understanding of network security, web security, and cloud security concepts.
• Experience working with security tools and monitoring platforms.
• Familiar with DevSecOps and Secure SDLC practices.

Responsibilities:

• Design, implement, and maintain enterprise security solutions and security controls.
• Secure APIs, microservices, databases, and enterprise applications against cyber threats and vulnerabilities.
• Perform security assessments, vulnerability analysis, and penetration testing for web and mobile applications (iOS & Android).
• Monitor, analyze, and investigate security events using SIEM and EDR platforms.
• Implement and maintain security monitoring, alerting, and incident response processes.
• Conduct threat analysis and mapping using the MITRE ATT&CK Framework.
• Ensure compliance with OWASP Top 10 and secure coding best practices.
• Collaborate with development, infrastructure, and DevOps teams to implement security improvements within SDLC and CI/CD pipelines.
• Investigate security incidents and perform root cause analysis.
• Develop security policies, procedures, standards, and technical documentation.
• Support cybersecurity awareness and security best practices across technical teams.
• Stay updated with the latest cybersecurity threats, vulnerabilities, and industry trends.

Preferred Qualifications:

• Security certifications such as CEH, CompTIA Security+, OSCP, CISSP, or related certifications are a plus.
• Experience with cloud security platforms (AWS, Azure, Huawei Cloud, or GCP).
• Familiarity with container security and Kubernetes security is an advantage.
• Experience with WAF, IDS/IPS, SOAR, or Zero Trust Architecture is preferred.