Objective: (summary about the position) Seeking a highly experienced **Security Lead Engineer** to lead the design, implementation, and continuous improvement of cybersecurity measures across our hybrid environment. This role requires overseeing infrastructure, application, and cloud security; managing threat detection and response systems; guiding the security posture of internally developed software; and ensuring regulatory compliance through GRC frameworks. The ideal candidate brings technical depth, leadership capabilities, and a proactive mindset to protect our digital assets and business operations. Responsibilities: **1\. Security Architecture \& Strategy** * Design, integrate, and maintain end\-to\-end security architecture for on\-premises and cloud environments. * Ensure secure network topology including segmentation, access control, and VPN tunnels. * Lead development and enforcement of security policies, procedures, and best practices. * Work closely with developers and IT architects to embed security into application and infrastructure design. **2\. SOC, SIEM, and Threat Management** * Oversee the operation and tuning of **Security Operations Center (SOC)** including **SIEM** platforms. * Manage endpoint protection through **EDR and threat\-hunting solutions**. * Manage and enhance email security systems to protect against phishing, malware, and spam, ensuring compliance with organizational security policies. * Lead incident response efforts and develop threat prevention strategies. **3\. Application and Cloud Security** * Supervise vulnerability scanning and penetration testing for internally developed applications. * Lead **WAF** deployment and optimization to protect business\-critical web applications. * Implement security best practices and policy enforcement across multi\-cloud environments **4\. Governance, Risk \& Compliance (GRC)** * Drive cybersecurity\-related compliance programs (e.g., **SOC 2 Type 2**, ISO 27001\). * Lead cross\-functional GRC initiatives and support internal/external audits. * Manage security risk assessments and recommend mitigation strategies. **5\. Documentation \& Collaboration** * Maintain detailed documentation for security controls, policies, systems, and incidents. * Plan and conduct quarterly security awareness sessions to educate staff on emerging cyber threats, security best practices, and the organization's security policies. * Work collaboratively with software engineers, network teams, DevOps, and business units. **Requirements** Min requirements: 1\. Education: Bachelor’s degree in engineering, Computer Science, Information Security or a related field. 2\. Experience: * 7 years in cybersecurity and information security roles. * 5\+ years of hands\-on experience in security architecture and threat management. 3\. Qualifications necessary for the vacancy. * Proven expertise in: o Security architecture for hybrid cloud/on\-prem setups. o Firewalls, WAF, EDR, SIEM, UTM, IPS, Proxy, and DDoS mitigation. o Network security protocols, subnetting, VPNs, and access control models. 4\. Set of skills necessary for the vacancy. * Problem\-Solving and Analytical Skills: o Ability to diagnose and resolve complex technical issues efficiently. o Skilled in designing and implementing scalable and secure IT solutions. * Organizational Skills: o Strong ability to manage multiple projects and prioritize tasks effectively. o Commitment to meeting deadlines and maintaining high\-quality standards. * Communication and Teamwork: o Excellent written and verbal communication skills. o Ability to collaborate effectively with team members and stakeholders. 5\. Certifications (Desirable): * CISSP, CISM, CEH, OSCP, CCSP * Cloud security certifications (e.g., AWS Security Specialty, Microsoft SC\-100/SC\-200\) * IT governance certifications (e.g., ISO 27001 LA, CISA)