Information Security Engineering Team Lead

This role is responsible for overseeing the implementation and maintenance of security policies, procedures, and tools to protect the network, cloud and data center infrastructure, endpoints, and overall data of the company. This includes defining the security objectives, standards, and best practices, as well as identifying the security risks and vulnerabilities to protect corporate infrastructure and corporate perimeter from threats.

About your key responsibilities and impact:

1. Network Security

Architecting, implementing, and managing network security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, and secure VPNs;
Defining and supporting security profiles for corporate VPN;
Supporting and securing 3d party connections to the corporate infrastructure;
Collaborating with network engineering teams to design and deploy secure network architectures and configurations that mitigate security risks and ensure data confidentiality, integrity, and availability.

2. Endpoint Security

Designing, implementing, and maintaining endpoint security solutions, including endpoint detection and response (EDR), and endpoint management platforms, DLP agents;
Developing and enforcing endpoint security policies, configurations, and standards to protect laptops from malware, unauthorized access, and data breaches;
Conducting regular vulnerability assessments and patch management activities to address security vulnerabilities and ensure endpoint compliance with security standards;

3. Cloud & Infrastructure Security

Designing and architecting secure cloud solutions based on industry best practices and security principles;
Designing and implementing security controls for AWS cloud environments and data center infrastructure, ensuring alignment with security best practices and compliance requirements;
Designing a set of requirements to harden infrastructure components.

Essential professional experience:

In-depth knowledge of cybersecurity concepts, tools, principles, best practices and technologies;
Ability to develop and execute long-term security strategies to address evolving threats and risks;
Knowledge of common security threats, vulnerabilities, attack vectors, and mitigation strategies across application, infrastructure, and network layers;
Deep knowledge of implementing security controls and configurations as code using tools such as Terraform, Ansible;
In-depth understanding of endpoint security technologies and OS security configuration best practices (Linux, Windows, macOS);
Proficiency in antivirus software, endpoint detection and response (EDR), endpoint management platform, DLP for laptops and mobile devices;
Strong understanding of firewall technologies, including packet filtering, and stateful inspection;
Expertise in application layer filtering;
Experience with designing and implementing firewall rules to enforce security policies;
Expertise in configuring and managing Intrusion Detection/Prevention Systems (IDS/IPS) to detect and block malicious activities on the network;
Proficiency in Virtual Private Network (VPN) technologies for securing remote access and site-to-site communications, including the configuration of VPN concentrators, authentication methods, and encryption protocols;
Knowledge of device authentication mechanisms and protocols;
Strong understanding of security controls and skills of their administration in one of the popular cloud providers (AWS, GCP, Azure);
Knowledge of vulnerability management processes, including vulnerability scanning, prioritization, remediation, and tracking using tools like Nessus, Qualys, or OpenVAS;
Expertise in securing containerized applications and orchestrators like Docker, Kubernetes, and Docker Swarm, including container image scanning, runtime security, and access control;
Experience in defining, provisioning, and managing infrastructure resources using code, ensuring consistent and secure deployment environments;
Familiarity with security governance frameworks, policies, standards, and regulatory requirements (e.g., GDPR, PCI DSS, ISO/IEC 27001);
English: B2.