Senior Security Engineer Global Security Services

Global Security Services - Senior Security Engineer

Role Summary:

The Security Engineer is responsible for identifying analyzing and remediating vulnerabilities and misconfigurations across the organizations IT landscape. This role drives the adoption and enforcement of industry-leading security standards and frameworks ensuring robust protection of enterprise assets. The engineer collaborates with IT operations architecture and business stakeholders to implement technical controls automate compliance and foster a culture of continuous security improvement.

Key responsibilities:

• Proactively identify and assess vulnerabilities and misconfigurations in infrastructure applications and cloud environments using automated tools and manual techniques.
• Develop implement and enforce security hardening standards (e.g. OWASP CIS Benchmarks CSA NIST ISO 27001 SOC 2 PCI DSS) across all technology stacks.
• Use and help improving enterprise security management tools (e.g. BigFix GPOs SCCM Ansible Chef Puppet and infrastructure-specific platforms).
• Lead or support vulnerability management processes including scanning prioritization remediation and reporting.
• Collaborate with IT operations and development teams to ensure secure configuration baselines and compliance with security policies.

Respond to security incidents conduct root cause analysis and implement corrective actions.

• Maintain up-to-date documentation of security standards procedures and technical controls.
• Stay current with emerging threats vulnerabilities and security technologies.
• Provide security awareness and technical training to IT staff and stakeholders.

Additional for Senior Engineer:

• Lead the implementation of enterprise-wide security solutions and automation for vulnerability management and configuration compliance.
• Serve as a subject matter expert on security standards and frameworks advising on risk mitigation and best practices.
• Drive continuous improvement initiatives for security posture including the evaluation and integration of new tools and processes.
• Mentor and guide junior engineers and cross-functional teams in secure design and operations.
• Represent the security function in audits compliance reviews and executive briefings.

Responsibilities and authorities

• Prioritize remediation activities based on risk exposure identified through the organizations risk management processes ensuring that the most critical vulnerabilities and misconfigurations are addressed first.
• Enforce and track remediation tasks across IT and business units to ensure timely closure of identified risks and alignment with enterprise security standards and frameworks (e.g. OWASP CIS CSA NIST ISO 27001 SOC 2 PCI DSS).
• Exercise authority to recommend implement and enforce technical controls and configuration baselines necessary for compliance with security policies and standards.
• Access and utilize vulnerability management configuration and monitoring platforms to identify assess and report on risk posture.
• Escalate unresolved or high-risk issues to security leadership and governance forums ensuring that risk acceptance or mitigation decisions are documented and approved at the appropriate level.
• Collaborate with IT operations development and business stakeholders to drive remediation efforts and foster a culture of accountability for security compliance.

Additional for Senior Engineer:

• Lead cross-functional remediation initiatives mentor junior staff on risk-based prioritization and represent the security function in risk and compliance reviews.

Key competences:

• Deep knowledge of enterprise IT infrastructure (Windows Linux cloud networking Firewalling virtualization).

Hands-on experience with security management and automation tools (BigFix GPOs SCCM Ansible etc.).

• Proficiency in vulnerability scanning and management platforms (e.g. Qualys Rapid7 Nessus).
• Familiarity with SIEM EDR and log management solutions.
• Scripting and automation skills (PowerShell Python Bash).
• Understanding of secure software development and DevSecOps practices.
• Strong analytical detail-oriented and proactive mindset.
• Excellent communication and collaboration skills.

Requirements:

Education:

• Bachelors degree in computer science Information Security or related field (or equivalent experience).

Languages:

• English (critical); other languages are a plus.

Computer Skills:

• Advanced proficiency in enterprise security and management tools scripting and automation.

Other:

• Industry certifications preferred: CISSP CISM CEH OSCP CompTIA Security GIAC Microsoft/AWS/Azure Security certifications.

Experience:

• Standard: 2 years in IT security or related roles.
• Senior: 5 years in IT security with demonstrated leadership in enterprise environments.

Personal qualities:

• Analytical detail-oriented and proactive.
• Strong communication and collaboration skills.
• Ability to work independently and as part of a team.
• High integrity and commitment to confidentiality.
• Continuous learner with a passion for security.

Internal and External Contacts/Customers:

• IT Operations Infrastructure and Development teams
• Security Operations Center (SOC)
• Risk Compliance and Audit functions
• External vendors and service providers.

We are the ASSA ABLOY Group
Our people have made us the global leader in access return we open doors for them wherever they go. With nearly 63000 colleagues in more than 70 different countries we help billions of people experience a more open world. Our innovations make all sorts of spaces physical and virtual safer more secure and easier to access.

As an employer we value results not titles or backgrounds. We empower our people to build their career around their aspirations and our ambitions supporting them with regular feedback training and development opportunities. Our colleagues think broadly about where they can make the most impact and we encourage them to grow their role locally regionally or even internationally.

As we welcome new people on board its important to us to have diverse inclusive teams and we value different perspectives and experiences.