Security Engineer

Role Summary: As a Security Engineer, you will manage security incidents, conduct threat hunting with SIEM/SOAR tools, and support IT audits. You will oversee vulnerability assessments, security training, and IT security for vessels. You will also lead security projects, provide advisory for projects, and engage with external parties on cyber threats.Employment Type: PermanentReports to: Senior Security ManagerRole and Responsibilities:Security IncidentsPerform investigations of Security incidents.Perform threat hunting using SIEM and SOAR tools.Monitor and analyze emerging threats, zero-day vulnerabilities, and advanced persistent threats (APT).Manage endpoint detection and response (EDR) solutions and ensure endpoints are hardened.Develop and maintain risk registers and security metrics dashboards for management reporting.Coordinate cyber drills and tabletop exercises with internal teams and external stakeholders.Evaluate and onboard new security technologies.Audit and GovernanceParticipate in internal and external IT audits.Maintain Incident Response Plans and IT policies.Perform Vulnerability Assessment and Penetration Testing.Conduct Security awareness training for the organization.Conduct phishing campaigns.Design and review IT/Cyber security architectures.Works with external parties (eg; CSA, MPA) on the latest cyber threats and trends.Assist in vessel IT security setup, review, audit and remedial actions.Support ISO27001 & SOC implementation and continuous improvement.ProjectsManages Security related projects.Acts as Security Advisory for all projects.Participate in Request for Proposal and Request for Quote process.Provide security input for cloud and SaaS adoption projects.Collaborate with DevOps teams to integrate security into CI/CD pipelines (DevSecOps).Requirements:Education & KnowledgeDegree in Information Security, Computer Science or related disciplines with at least 3 years of relevant experience.Knowledgeable in IT Security, Cloud Security, and security standards such as NIST, ISO 27000 and IMO.Azure Cloud Security: Strong expertise in Azure Security Center, Microsoft Defender for Cloud, and Azure Policy for real-time cloud threat management and compliance.IT Security Management experience of various aspects, e.g. network security, server security, application security, end point security, email security, physical access security, logical access security, etc will be an advantage.Knowledge managing network security devices (NextGen Firewalls, IDS, IPS, UTM, NAC, AV, etc.), Windows, Linux, and networking services will be an advantage.Preferred Certifications: CCSP (Certified Cloud Security Professional) and Azure Security Engineer Associate are highly preferred, in addition to other certifications such as CISSP, CISM, or CEH.Strong hands-on knowledge and experience with security architecture and implementation of Azure Cloud Computing (IaaS, Containers, AKS, DevOps, CI/CD) is mandatory.Proficiency in automating security workflows within CI/CD pipelines, focusing on Azure DevOps integration.Ideally completed 2 or more of the following certifications: SC-200, SC-300, AZ-500, MS-500 and SC-100.Knowledge of Vessel IT will be an advantage.Maritime Cybersecurity: Familiarity with maritime cybersecurity standards such as IMO guidelines and TMSA (Tanker Management and Self-Assessment) is a strong advantage for vessel IT security.Personal CharacteristicsStrong communication skills in both verbal and written.A team player who is able manage time, stress and expectations of stakeholders.Composed, detailed and analytical individual who is able to work in a fast-paced environment.Self-organizing, respect, commitment, and focus.Resourceful, innovative, and independent.Ability and willingness to work under pressure, and multiple concurrent tasks.Join our team and be part of an exciting journey towards personal and professional growth to make a real impact on global trade. If you are interested in the career opportunity, we invite you to apply today.We regret that only shortlisted candidates will be contacted.Attention to recruitment agencies:X-Press Feeders/Eastaway operates with a preferred supplier list (PSL) for recruitment purposes. As such, we will not be considering or accepting unsolicited applications from non-PSL agencies for the role currently available. We kindly request that you refrain from submitting applications on behalf of your clients. Thank you for your understanding and cooperation.