IT Security Engineer - Offensive Security (Red Team)

This role focuses on Offensive Security, with an emphasis on Penetration Testing to identify, exploit, and remediate vulnerabilities across systems, networks, and applications.SummaryThe Security Engineer will oversee IT security assessments for corporate desktops, servers, infrastructure applications, and networks. This role is pivotal in enforcing security policies, ensuring compliance with external audit requirements, and implementing recommendations. The engineer will also monitor alerts for anomalies or malicious activity and address audit findings.Key ResponsibilitiesVulnerability and Penetration TestingPlan, execute, and follow up on vulnerability scans, penetration tests, and remediation processes across all scopes.Organize and manage Purple Team exercises, including remediation efforts.Firewall and Network SecurityConduct annual firewall rule reviews and manage firewall rule change processes.Review and validate network architecture designs.Compliance and ControlsEnsure adherence to IT security directives and regulatory guidelines (e.g., FFIEC, NIST).Perform cybersecurity controls and support continuous monitoring through Key Risk Indicators (KRIs) and Key Controls.Respond to internal audit findings by developing controls and documentation.System and Host MonitoringRegularly perform host discoveries to ensure all assets comply with standards and are appropriately monitored.Validate compliance with security patches on all servers and desktops.Ensure security tools (e.g., AV, DLP, patch agents) are effectively registered and monitored.Process Optimization and AutomationEnhance security controls and processes through scripting, tools, and automation.Continuously assess risks, threats, and vulnerabilities to evolve security functions.Awareness and DevelopmentStay updated on cybersecurity trends and industry best practices.Develop solutions for malware, advanced persistent threats, and other cyber risks.Support IT security awareness campaigns and act as a backup for the IT Security Engineering Manager.Policy MaintenanceUpdate local policies, procedures, and standards.Management and ReportingReports toDirector of IT Security Engineering.Internal ContactsCollaborates with IT, security, and audit teams.External ContactsEngagements vary by project or incident, involving IT, business, and management stakeholders.

Created: 2025-01-27