Lead Security Engineer

Job Summary:
The Lead Security Engineer (Infrastructure and Cloud) is a hands-on role responsible for ensuring the security of the company’s core infrastructure, including Office 365, Active Directory, physical servers, laptops, desktops, and mobile devices. Additionally, this role is responsible for the security of cloud assets, both for the company and clients. The Lead Security Engineer will actively develop and implement security policies, conduct regular security audits. This role involves direct engagement in security tasks and initiatives, rather than just team management
Key Responsibilities:
· Infrastructure Security:
· Manage and secure Office 365 and Active Directory services.
· Ensure the security of physical servers, laptops, desktops, and mobile devices.
· Develop and enforce security policies and procedures for core infrastructure.
· Conduct regular security audits and vulnerability assessments.
· Implement and manage security solutions such as firewalls, antivirus, and intrusion detection systems.
· Cloud Security:
· Oversee the security of company and client cloud assets.
· Implement and maintain cloud security policies and best practices.
· Monitor cloud environments for security threats and vulnerabilities.
· Collaborate with cloud service providers to ensure security compliance.
· Conduct regular security reviews and risk assessments for cloud infrastructure.
· Collaboration and Compliance:
· Work closely with the IT support team to address security issues.
· Collaborate with the Director of Infrastructure to develop strategic security initiatives.
· Ensure compliance with industry standards and regulatory requirements.
· Provide training and guidance to employees on security best practices.
· Prepare and present security reports to senior management.
Key Result Areas (KRA):
· Infrastructure Security Management:
· Maintain a secure environment for Office 365 and Active Directory.
· Ensure all physical hardware (servers, laptops, desktops, mobile devices) are secure and compliant with company policies.
· Successfully implement and manage security solutions for core infrastructure.
· Cloud Security Management:
· Implement robust security measures for cloud assets.
· Conduct regular security assessments and audits for cloud environments.
· Ensure compliance with cloud security policies and best practices.
· Risk Management and Compliance:
· Identify and mitigate security risks for both infrastructure and cloud environments.
· Ensure compliance with industry standards and regulatory requirements.
· Regularly update and enforce security policies and procedures.
· Team Collaboration and Support:
· Provide training and support to IT and other departments on security best practices.
· Collaborate effectively with the IT support team and other stakeholders.
· Prepare and present detailed security reports to senior management.
Qualifications:
· Bachelor’s degree in Computer Science, Information Technology, or a related field.
· Minimum of 5 years of experience in IT security, with a focus on infrastructure and cloud security.
· Strong knowledge of security frameworks, standards, and best practices.
· Experience with security tools and solutions (e.g., firewalls, antivirus, intrusion detection systems).
· Excellent analytical, problem-solving, and communication skills.
· Relevant certifications (Preferred)
· Certified Information Systems Security Professional (CISSP)
· Certified Cloud Security Professional (CCSP)
· Certified Information Security Manager (CISM)
· Certified in Risk and Information Systems Control (CRISC)
· Microsoft Certified: Azure Administrator
Personal Attributes:
· Strong attention to detail and a proactive approach to security.
· Ability to work independently and as part of a team.
· Excellent organizational and time management skills.
· Strong leadership and mentoring abilities.
Working Conditions:
· Full-time position with occasional on-call responsibilities for security incidents.
· May require occasional travel for training and conferences.