Cyber Security Engineer – Secure Design & Operations

About the role

The Cyber Security Engineer will design, implement and operate security controls across network, cloud, identity, endpoint and application environments. You will work closely with IT, application and operations teams to embed security by design, improve detection and response, and ensure compliance with regulatory and internal standards.

Key responsibilities

• Design, deploy and maintain security controls such as NGFW, WAF/WAAP, VPN, NAC, DLP, EDR, IAM/MFA/PAM, and vulnerability management solutions.
• Participate in security architecture reviews for new projects, identify risks and recommend compensating controls.
• Lead evaluation and proof‑of‑concept activities for security products, documenting outcomes and implementation plans.
• Own end‑to‑end delivery of security projects, including planning, change management, validation and hand‑over to operations.
• Operate and fine‑tune security tooling, optimise policies, perform hygiene checks and reduce alert noise.
• Provide L2/L3 troubleshooting for security incidents, conduct root‑cause analysis and implement preventive fixes.
• Create and maintain audit‑ready documentation: secure configuration guides, SOPs, high‑level/low‑level designs, diagrams and runbooks.
• Support compliance and audit activities by gathering evidence, validating controls and reporting on observations.
• Identify automation and process‑improvement opportunities, leveraging analytics, AI/ML‑driven detection where appropriate.

Required profile

• 4–8 years of hands‑on experience implementing and operating enterprise security solutions.
• Strong networking fundamentals (routing, switching, TCP/IP, DNS, load balancing) and security concepts (segmentation, zero trust, encryption, threat modelling).
• Experience with at least one major cloud platform (Azure, AWS or GCP) and its native security services.
• Familiarity with security frameworks and best practices such as ISO 27001, PCI‑DSS, CIS Benchmarks, OWASP and SANS.

Required skills

• NGFW
• WAF/WAAP
• VPN
• NAC
• DLP
• EDR
• IDS/IPS
• IAM, MFA, PAM
• MDM
• Vulnerability management
• Azure, AWS, GCP
• Network security, identity, logging/monitoring, key management
• Routing, switching, TCP/IP, DNS, load balancing