296 Database Security jobs in the Philippines

Information Security Engineer III

Experience Level:
 5+ years

About the Role

We're looking for a highly skilled 
Information Security Engineer
 to strengthen and scale security across our cloud, application, and enterprise environments. In this role, you'll:

• Lead secure SDLC practices and embed security into every stage of the development lifecycle.
• Drive threat modeling, vulnerability management, and detection engineering.
• Operate and optimize key security platforms (EDR, DLP, SIEM, Email Security).
• Strengthen cloud and Microsoft 365 security, while ensuring enterprise resilience.

Key Responsibilities

Application & Cloud Security

• Integrate security into design, development, and deployment workflows.
• Conduct threat modeling and architecture reviews.
• Secure cloud platforms (AWS, Azure, Microsoft 365) through identity controls, hardening, and policy enforcement.

Security Platform Operations

• Operate and monitor EDR/XDR, DLP, SIEM, and email security platforms.
• Ensure tools are tuned, integrated, and delivering actionable insights.

Security Monitoring & Response

• Support day-to-day monitoring and incident investigations.
• Lead triage, containment, and remediation of threats.
• Contribute to detection tuning, post-incident reviews, and process improvements.

Threat & Vulnerability Management

• Identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and cloud.
• Support patching strategy, scanning, and threat intel correlation.

Endpoint & Infrastructure Hardening

• Implement secure configurations for Windows/Linux endpoints, servers, and network appliances.
• Align with CIS benchmarks and industry best practices.

Detection Engineering & Risk Management

• Build and tune detection logic in SIEM/XDR platforms.
• Collaborate across teams to reduce false positives and improve fidelity.
• Contribute to business continuity and disaster recovery planning.

Qualifications

• 5+ years of progressive experience in information security (application, cloud, infrastructure).
• Strong experience managing and securing 
  cloud platforms
   (AWS, Azure, Microsoft 365).
• Hands-on expertise with 
  security tools
  : EDR/XDR, DLP, SIEM, email security, vulnerability scanners.
• Knowledge of 
  secure SDLC, application security testing, DevSecOps
   practices.
• Familiar with 
  IAM, zero trust, and conditional access
   frameworks.
• Exposure to 
  threat modeling methodologies
   (STRIDE, MITRE ATT&CK).
• Understanding of 
  compliance standards
   (NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).

Why Join Us?

• Work on 
  high-impact security initiatives
   that safeguard financial systems worldwide.
• Grow with us through 
  certifications, training, and clear career pathways
  .
• Collaborate with 
  smart, driven colleagues
   solving complex security challenges.
• Thrive in a 
  hybrid setup
   (2x per month onsite) with a focus on trust and flexibility.
• Be part of a 
  Great Place to Work-certified company
   that values people, not just output.

Note on Data Privacy

By applying, you consent to the use of your personal data for recruitment purposes. Data may be shared with third-party services and our parent company, ETS London, for recruitment and assessment. For questions, contact our 
DPO at 
.

Experience Level: 5+ years

We are seeking a highly skilled Information Security Engineer to lead the development and implementation of robust security controls across our cloud, application, and enterprise environments. This individual will drive secure SDLC practices, lead threat modeling, manage detection and response capabilities, and strengthen security for cloud and Microsoft 365 platforms. The ideal candidate is a hands-on security expert with a broad technical background, deep problem-solving abilities, and a proactive mindset.

Key Responsibilities

1. Application & Cloud Security

• Implement secure SDLC initiatives by integrating security into design, development, and deployment workflows.

• Conduct threat modeling for both applications and infrastructure to identify and mitigate risks early in the lifecycle.

• Secure cloud platforms, including identity controls, configuration hardening, and policy enforcement.

• Assess and secure financial web applications hosted in AWS through code reviews, penetration testing coordination, and architecture reviews.

2. Security Platform Operations

• Operate and monitor key security platforms such as:

• EDR/XDR solutions

• DLP solutions across endpoints, cloud, and email

• Email Security Solutions

• Ensure proper tuning, coverage, and integration of security tools with enterprise IT systems and logging pipelines.

3. Security Monitoring & Response

• Participate in day-to-day security monitoring using SIEM, EDR/XDR, and other detection platforms to augment the SOC team when required.

• Assist in configuring and tuning monitoring tools for optimal detection coverage.

• Collaborate with different teams to investigate security alerts and incidents.

• Support incident response activities, including triage, containment, and remediation efforts.

• Contribute to post-incident reviews and continuous improvement of detection and response processes.

4. Threat & Vulnerability Management

• Implement and coordinate the identification, triage, and remediation of vulnerabilities across cloud, endpoints, and infrastructure.

• Support ongoing patch management strategy, vulnerability scanning, and threat intelligence correlation.

5. Endpoint & Infrastructure Hardening

• Implement and enforce hardened configurations for endpoints (Windows/Linux), servers, and network appliances.

• Align baseline configurations with CIS benchmarks and industry best practices.

6. Detection Engineering

• Understand, implement, and tune detection rules and logic in SIEM/XDR platforms for proactive threat identification.

• Collaborate with different colleagues to improve alert fidelity, reduce false positives, and create meaningful security detections.

7. Business Continuity & Risk

• Contribute to BCP/DR planning and implementation with a security-first approach.

• Collaborate with stakeholders to ensure critical business processes remain secure and resilient.

Qualifications

• 5+ years of progressive experience in information security roles, preferably with exposure across application, cloud, and infrastructure domains.
• Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Computer Engineering, Electronics Engineering, or related field.
• Experience in managing and securing cloud platforms.
• Hands-on experience with security tools including EDR, DLP, email security, vulnerability scanners, and SIEM.
• Working knowledge of secure SDLC practices, application security testing, and DevSecOps integration.
• Experience with identity and access management (IAM), conditional access, and zero trust architecture.
• Intermediate background in detection engineering, incident response, and threat modeling methodologies (STRIDE, MITRE ATT&CK, etc.).
• Familiarity with regulatory and compliance standards (e.g., NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).
• Excellent communication and collaboration skills; ability to work across technical and non-technical teams.

By applying to this job, you are permitting our organization to use your personal data solely for recruitment purposes. This data may be shared with third-party services to streamline the processing of your application and with our parent company, ETS London, for recruitment assessment and interview purposes.

We are committed to protecting and respecting your privacy. For more information on how we collect, use, store, and protect your personal data, please read our Privacy Notice or contact our

Data Protection Officer

About the Role

We are seeking a highly skilled and detail-oriented
Penetration Tester
to join our
Information Security Team
. The role involves
simulating cyberattacks
,
identifying vulnerabilities
, and
assessing risks
to ensure the security of our systems, applications, and infrastructure.

This position requires someone who can think like an attacker while working collaboratively with security, development, and IT teams to strengthen our defenses.

Key Responsibilities

• Conduct
  penetration tests
  on applications, networks, APIs, and systems to identify potential vulnerabilities.
• Simulate
  real-world cyberattacks
  to evaluate the effectiveness of existing security measures.
• Perform
  vulnerability assessments
  and recommend
  remediation strategies
  .
• Develop and maintain
  detailed reports
  of findings, risks, and mitigation plans for stakeholders.
• Collaborate with
  Threat & Vulnerability Analysts
  ,
  SOC teams
  , and
  Developers
  to ensure security gaps are addressed.
• Keep abreast of the
  latest security threats, tools, and techniques
  to continuously enhance testing methodologies.
• Participate in
  incident response activities
  by providing insights into exploited vulnerabilities.
• Ensure compliance with
  security policies
  ,
  regulations
  , and
  industry best practices
  .

Qualifications

Required:

• Bachelor's degree in
  Computer Science
  ,
  Cybersecurity
  ,
  Information Technology
  , or a related field.
• At least
  1–3 years
  of experience in
  penetration testing
  or
  offensive security
  .
• Strong understanding of
  network protocols
  ,
  web application security
  , and
  operating systems
  .
• Proficiency with penetration testing tools such as:
• Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali Linux
• Familiarity with frameworks and standards like
  OWASP Top 10
  ,
  NIST
  , and
  MITRE ATT&CK
  .
• Excellent problem-solving skills and an
  attacker mindset
  .
• Strong written and verbal communication skills for reporting and presentations.

Preferred / Nice-to-Have:

• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• GPEN (GIAC Penetration Tester)
• Experience in
  cloud security testing
  (AWS, Azure, GCP).
• Knowledge of
  secure coding practices
  and
  DevSecOps pipelines
  .

Job Summary:

The Information Security Engineer is responsible for protecting the organization's enterprise information systems, business applications, data assets and people by identifying and mitigating security risks. This role involves conducting comprehensive risk assessments, coordinates with SBU POC leads regarding incident response and remediation eAorts, administering security tools, monitoring networks for security breaches, and ensuring compliance with regulations such as DPA of 2012 and ALI Group company policies. Roles maintains functional accountability to ALI Group Information Security OAicer while maintaining an administrative reporting line to the ALH IT Director.

Duties & Responsibilities:

Security Monitoring and Incident Response

• Monitor the organization's data, IT infrastructure, and systems for security breaches and investigate any violations

• Lead the incident response to potential security incidents by providing detailed analysis, collaborating with various cybersecurity incident response teams, and recommending remediation actions

• Conduct root cause analysis and prepare comprehensive incident reports.

Vulnerability Management

• Perform regular vulnerability assessments and penetration testing to identify security gaps.

• Collaborate with IT teams to remediate identified vulnerabilities.

• Track and report on the status of vulnerabilities and remediation eAorts. Security Policies and Procedures

• Work with the ALI Group Information Security OAicer and CIO on the implementation of security policies, procedures, and guidelines.

• Ensure the implementation of policies and procedures are aligned with business objectives. Ensure compliance with relevant standards and regulatory requirements. Conduct regular reviews and updates of security policies for relevance to ALH business.

Security Awareness and Training

• Develop and deliver security awareness training programs for employees.

• Promote a culture of security awareness within the organization.

• Provide guidance and training on security best practices.

Compliance and Risk Management

• Ensure compliance with relevant laws, regulations, and industry standards (e.g., DPA 2012, GDPR, PCI-DSS).

• Conduct risk assessments and provide recommendations to mitigate identified risks.

• Maintain documentation for compliance audits and assessments.

Collaboration and Communication

• Work closely with IT and other business units to ensure security measures are integrated into all aspects of the organization's operations.

• Communicate security issues and recommendations to senior management and stakeholders.

Security Management and Implementation

• Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.

• Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.

Qualifications:

• Bachelor's degree in computer science, Information Technology, Engineering, Cybersecurity, or a related field.
• Relevant certifications (e.g., CompTIA Security+, CEH, CIS, ISACA certifications) are a plus.
• 5-7 years of experience in information security or a related field.
• Proficiency with security tools and technologies such as firewalls, IDS/IPS, SIEM, and antivirus software.
• Good understanding of risk management framework, methodologies and mitigation strategies.
• Good appreciation and knowledge of network security, application security, and data privacy & protection principles.  Strong analytical and problem-solving skills.
• Good appreciation and understanding of the security triad – CIA (Confidentiality, Integrity and Availability)
• Ability to learn quickly and adapt to new technologies and processes.
• Detail-oriented with a proactive approach to identifying and addressing security risks.
• Ability to coordinate with diAerent business units and stakeholders for incident response and remediation eAorts.
• Good communication skills
• Good project management skills

Join the Future of Fintech as a Information Security Engineer III at Etrading Software

At Etrading Software, we're not just another company—we're a vibrant, forward-thinking community where diversity, collaboration, and innovation thrive. Step into a workplace that values your unique perspective and rewards your hard work. We foster a high-trust environment where integrity, autonomy, and work-life balance are paramount. Get ready to revolutionize the financial industry with cutting-edge trading projects that will shape the future.

Why Choose Us?

• Happiness & Well-Being – Say goodbye to Sunday dread We prioritize work-life balance, ensuring a workplace where trust and respect thrive. With a hybrid setup (only 2x onsite per month), you have the flexibility to do your best work from where you thrive.
• Transparency & Trust – Open communication is at the heart of what we do. We foster a culture of clarity, accountability, and integrity, ensuring you always have a voice.
• Excellence & Growth – We are committed to continuous learning and innovation. With training, certifications, and career development opportunities, we support your professional growth every step of the way.
• Diversity & Inclusion – We embrace diverse perspectives, creating an empowering and inclusive workplace where everyone can contribute meaningfully.
• Collaboration & Impact – Work alongside industry leaders, developing high-frequency, low-latency trading applications that drive fairness and transparency in financial markets worldwide.

About the Role

We are seeking a highly skilled Information Security Engineer to lead the development and implementation of robust security controls across our cloud, application, and enterprise environments. This individual will drive secure SDLC practices, lead threat modeling, manage detection and response capabilities, and strengthen security for cloud and Microsoft 365 platforms. The ideal candidate is a hands-on security expert with a broad technical background, deep problem-solving abilities, and a proactive mindset.

Key Responsibilities

1. Application & Cloud Security

• Implement secure SDLC initiatives by integrating security into design, development, and deployment workflows.
• Conduct threat modeling for both applications and infrastructure to identify and mitigate risks early in the lifecycle.
• Secure cloud platforms, including identity controls, configuration hardening, and policy enforcement.
• Assess and secure financial web applications hosted in AWS through code reviews, penetration testing coordination, and architecture reviews.

2. Security Platform Operations

• Operate and monitor key security platforms such as:
• EDR/XDR solutions
• DLP solutions across endpoints, cloud, and email
• Email Security Solutions
• Ensure proper tuning, coverage, and integration of security tools with enterprise IT systems and logging pipelines.

3. Security Monitoring & Response

• Participate in day-to-day security monitoring using SIEM, EDR/XDR, and other detection platforms to augment the SOC team when required.
• Assist in configuring and tuning monitoring tools for optimal detection coverage.
• Collaborate with different teams to investigate security alerts and incidents.
• Support incident response activities, including triage, containment, and remediation efforts.
• Contribute to post-incident reviews and continuous improvement of detection and response processes.

4. Threat & Vulnerability Management

• Implement and coordinate the identification, triage, and remediation of vulnerabilities across cloud, endpoints, and infrastructure.
• Support ongoing patch management strategy, vulnerability scanning, and threat intelligence correlation.

5. Endpoint & Infrastructure Hardening

• Implement and enforce hardened configurations for endpoints (Windows/Linux), servers, and network appliances.
• Align baseline configurations with CIS benchmarks and industry best practices.

6. Detection Engineering

• Understand, implement, and tune detection rules and logic in SIEM/XDR platforms for proactive threat identification.
• Collaborate with different colleagues to improve alert fidelity, reduce false positives, and create meaningful security detections.

7. Business Continuity & Risk

• Contribute to BCP/DR planning and implementation with a security-first approach.
• Collaborate with stakeholders to ensure critical business processes remain secure and resilient.

Qualifications

• 5+ years of progressive experience in information security roles, preferably with exposure across application, cloud, and infrastructure domains.
• Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Computer Engineering, Electronics Engineering, or related field.
• Experience in managing and securing cloud platforms.
• Hands-on experience with security tools including EDR, DLP, email security, vulnerability scanners, and SIEM.
• Working knowledge of secure SDLC practices, application security testing, and DevSecOps integration.
• Experience with identity and access management (IAM), conditional access, and zero trust architecture.
• Intermediate background in detection engineering, incident response, and threat modeling methodologies (STRIDE, MITRE ATT&CK, etc.).
• Familiarity with regulatory and compliance standards (e.g., NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).
• Excellent communication and collaboration skills; ability to work across technical and non-technical teams.

By applying to this job, you are permitting our organization to use your personal data solely for recruitment purposes. This data may be shared with third-party services to streamline the processing of your application and with our parent company, ETS London, for recruitment assessment and interview purposes.

We are committed to protecting and respecting your privacy. For more information on how we collect, use, store, and protect your personal data, please read our Privacy Notice or contact our Data Protection Officer at .

Job Responsibilities

• Analyze, remediate, and approve firewall rules/policies in accordance with enterprise established standards and compliance requirements.
• Making critical decisions on enterprise security policies
• Utilizing the security monitoring tools to support audits (Ex: AlgoSec)
• Reporting and reviewing the compliance status and taking remediation actions
• Determine the severity and complexity of issues pertaining to the security and protection of systems data, (autonomously or as part of a team) to ensure the protections, conservation and accountability of proprietary, personal, or privileged electronic data
• Collaborate with director, managers, and other technical personnel to ensure mitigation of security risks pertaining to the company
• Defines, implements, audits, and maintains firewall security policies
• Promote the development of innovative approaches and solutions to complex problems and issues
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Job Qualifications

• 7+ years of Palo Alto Firewall experience
• 5+ years of Cloud Security experience
• 5+ years of Security Architect experience
• 5+ years of Firewall rule/policy compliance and governance experience
• 5+ years of Firewall rule analysis and remediation experience
• Proven communication skills for team and customer engagement
• Proven team player

Preferred Qualifications:

• Splunk experience
• AlgoSec experience
• Proven leadership skills

What we offer

• Market Total Rewards Package
• Retirement Plan
• Medical Plan (HMO) from Day 1 of employment
• Dental, Medical, and Optical Reimbursements
• Life and Disability Insurance
• Paid Time-Off Benefits
• Sick Leave Conversion
• Tuition Fee Reimbursement
• Employee Assistance Program (EAP)
• Annual Performance Based Merit Increases
• Employee Recognition
• Training and Staff Development
• Employee Referral Program
• Employee Volunteerism Opportunity
• All Mandatory Statutory Benefit

Who we are

• Optum is the health care technology and innovation company of the UnitedHealth Group enterprise along with UnitedHealthcare.
• As part of a Fortune 5 enterprise, we are improving the health care experience of over 125 million people around the world.
• We're a diverse team with operations across North America, South America, Europe, Asia Pacific and the Middle East.
• This includes our over 25,000 employees in the Philippines. Elevate your career with a leading health care company while improving lives.

We are seeking a dedicated and detail-oriented Information Security professional to join our team. The successful candidate will be responsible Security architecture assessments, risk assessments for new projects major changes and ensure security testing are completed as per AIA SLDL process.

Key Responsibilities:

• Experienced in performing Security and Controls Assessments with exposure to application security on on-premises and cloud platform solutions
• Deep technical understanding of architecture and solutioning of Enterprise and Cloud security including products and capabilities.
• To work in partnership with Business Units to provide advice on Infrastructure and Application Security related matters.
• Work collaboratively with key vendors and business partners to deliver effective security services for projects and ongoing BAU
• Provide subject matter expertise for security of infrastructure and applications
• Evaluate and identify cost effective, automated solutions to uplift current security assessment processes
• Support to conduct security testing for changes and new projects as per SDLC.
• Experience with deployment orchestration, automation and security configuration management is desirable
• Positive attitude towards learning new skills as required by the organization.

Qualifications and Skills:

• Degree holder in Computer Science or majoring in Information Systems, or related discipline.
• 4 years+ experience in SecurityRisk Assessments with security focus, gained in a sizable organization.
• Experience in security risk assessment and risk analysis
• Deep technical understanding of architecture and solutioning of Enterprise and Cloud security including products and capabilities.
• Experience with deployment orchestration, automation and security configuration management is desirable.
• Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), ISO 27001 certifications preferred.
• Strong technical skills in application development security practices.
• Practical experience assessing new technologies and applications.
• Be adaptable, able to interact and build strong relationships with people from a diverse range of backgrounds.

Key Attributes:

• Analytical mindset with the ability to assess risks and prioritize tasks.
• Strong organizational skills with the ability to manage multiple projects tasks simultaneously.
• A proactive approach to problem-solving and ability to handle high-pressure situations.

It's not just about the compliance; it's about the mission

At Career TEAM, we work to accelerate the human condition. Our award-winning portal, Career EDGE, transforms lives across the U.S.—and behind every secure experience is a cybersecurity expert like you.

We are looking for a Senior Information Security Engineer with deep experience in StateRAMP, FedRAMP, and/or TX-RAMP to take charge of our compliance efforts and champion a culture of security from code to cloud. You'll be the linchpin in our security architecture, helping to ensure Career EDGE meets the most rigorous standards for protecting government data—while working with a purpose-driven team that values innovation and impact.

By joining this incredible company, you will be:

• A founding security leader shaping how we build trust into every layer of our product.
• Play a major role in our NIST compliance programs and our efforts to obtain and maintain a GovRAMP verified status.
• Working on a product that directly helps thousands of individuals access workforce and educational services.
• Driving continuous improvement of security controls, policies, and architecture across cloud infrastructure.
• Mentoring engineers and advising product teams on secure-by-design principles.
• Enjoy a fully remote work environment.

As a Senior Information Security Engineer, your focus will be both strategic and hands-on:

• Lead the end-to-end process of StateRAMP readiness, gap remediation, and authorization.
• Provide guidance and oversight for FedRAMP Moderate and TX-RAMP certification efforts.
• Manage communication with third-party assessment organizations (3PAOs) and security consultants.
• Maintain the System Security Plan (SSP), POA&M, and related documentation.

• Design and maintain secure cloud infrastructure (primarily AWS), aligned with NIST controls.
• Implement technical safeguards for identity & access management, vulnerability management, and incident response.
• Support DevOps teams in security automation and secure CI/CD pipelines.
• Conduct risk assessments and penetration test planning and review.

• Collaborate with executive leadership on security strategy.
• Develop training materials to raise internal security awareness.
• Ensure alignment between security policies and engineering practices.

• Located in the Philippines with night shift work hours (to overlap with U.S. team).
• Proven experience leading or significantly contributing to StateRAMP, FedRAMP, and TX-RAMP compliance efforts.
• Expertise in NIST 800-53, FIPS 199/200, and continuous monitoring frameworks.
• Hands-on experience with AWS security services (IAM, GuardDuty, CloudTrail, Security Hub, etc.).
• Strong understanding of SOC2, GovRAMP, DevSecOps practices, and cloud infrastructure.
• Exceptional written and spoken English skills.
• Bachelor's degree in Cybersecurity, Computer Science, or a related field; relevant certifications (e.g., CISSP, CCSP, AWS Security Specialty) are a strong plus.
• Bonus: Experience with audit response, SIEM tools, or zero trust architecture.

Ready to lead security for a platform that changes lives?

Apply today and help us build trust into every login, every connection, and every breakthrough.

About Career TEAM:

Founded in 1996, Career TEAM is socially conscious organization that seeks to close the nation's opportunity divide through government-funded workforce development programs designed to help individuals get the skills, knowledge, and resources needed to obtain quality employment. In addition to administering these programs, Career TEAM develops and leverages cutting-edge software tools to ignite transformative change within the workforce development industry. Career TEAM is revolutionizing the operational landscape for workforce development professionals through its Career Edge platform, which includes state-of-the-art job training tools and advanced case management systems. For more information see and

Career TEAM's outstanding record has resulted in numerous honors, including:

• Named by Inc. Magazine as one of America's 500 fastest growing privately held companies
• Recipient of the US Chamber of Commerce Blue Chip Enterprise Award for innovation
• Featured by 60 Minutes, CNN, Money Magazine, Inc. Magazine and the British Broadcasting Network as an innovative, government funded solutions program
• Invited to the White House after being cited by the National Welfare-to-Work Partnership and National Alliance of Business as a top 10 US training provider

Career Team is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

Background Check Requirements. Employment is contingent upon successful completion of a background check (including criminal, prior employment and education verification). Failure to satisfactorily complete the background check may affect the application status of applicants or continued employment of current employees who apply for the position.

Job Title: Information Security Engineer III

About the Role

We are seeking a highly skilled Information Security Engineer to lead the development and implementation of robust security controls across our cloud, application, and enterprise environments. This individual will drive secure SDLC practices, lead threat modeling, manage detection and response capabilities, and strengthen security for cloud and Microsoft 365 platforms. The ideal candidate is a hands-on security expert with a broad technical background, deep problem-solving abilities, and a proactive mindset.

Key Responsibilities:

Application & Cloud Security

• Lead secure SDLC initiatives by integrating security into design, development, and deployment workflows.
• Conduct threat modeling for both applications and infrastructure to identify and mitigate risks early in the lifecycle.
• Secure cloud platforms, including identity controls, configuration hardening, and policy enforcement.
• Assess and secure financial web applications hosted in AWS through code reviews, penetration testing coordination, and architecture reviews.

Security Platform Operations

• Operate and optimize key security platforms such as:
• EDR/XDR solutions
• DLP solutions across endpoints, cloud, and email
• Email Security Solutions
• Ensure proper tuning, coverage, and integration of security tools with enterprise IT systems and logging pipelines.

Threat & Vulnerability Management

• Lead and coordinate the identification, triage, and remediation of vulnerabilities across cloud, endpoints, and infrastructure.
• Support ongoing patch management strategy, vulnerability scanning, and threat intelligence correlation.

Endpoint & Infrastructure Hardening

• Develop and enforce hardened configurations for endpoints (Windows/Linux), servers, and network appliances.
• Align baseline configurations with CIS benchmarks and industry best practices.

Detection Engineering

• Design, implement, and tune detection rules and logic in SIEM/XDR platforms for proactive threat identification.
• Collaborate with different colleagues to improve alert fidelity, reduce false positives, and create meaningful security detections.

Security Monitoring & Response

• Participate in day-to-day security monitoring using SIEM, EDR/XDR, and other detection platforms to augment the SOC team when required.
• Assist in configuring and tuning monitoring tools for optimal detection coverage.
• Collaborate with different teams to investigate security alerts and incidents.
• Support incident response activities, including triage, containment, and remediation efforts.
• Contribute to post-incident reviews and continuous improvement of detection and response processes.

Business Continuity & Risk

• Contribute to BCP/DR planning and implementation with a security-first approach.
• Collaborate with stakeholders to ensure critical business processes remain secure and resilient.

Qualifications

• 8+ years of progressive experience in information security roles, preferably with exposure across application, cloud, and infrastructure domains.
• Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Computer Engineering, Electronics Engineering, or related field.
• Proven experience in managing and securing cloud platforms.
• Hands-on experience with security tools including EDR, DLP, email security, vulnerability scanners, and SIEM.
• Strong knowledge of secure SDLC practices, application security testing, and DevSecOps integration.
• Experience with identity and access management (IAM), conditional access, and zero trust architecture.
• Solid background in detection engineering, incident response, and threat modeling methodologies (STRIDE, MITRE ATT&CK, etc.).
• Familiarity with regulatory and compliance standards (e.g., NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).
• Excellent communication and collaboration skills; ability to work across technical and non-technical teams.

By applying to this job, you are permitting our organization to use your personal data solely for recruitment purposes. This data may be shared with third-party services to streamline the processing of your application and with our parent company, ETS London, for recruitment assessment and interview purposes.

We are committed to protecting and respecting your privacy. For more information on how we collect, use, store, and protect your personal data, please read our Privacy Notice or contact our

Data Protection Officer