Cybersecurity engineer

The Mission

As a Cybersecurity Engineer, you will act as a strategic partner to our clients. Your goal is to move beyond basic defense and toward a state of total resilience, ensuring that even under attack, critical business operations remain uninterrupted.

Key Responsibilities

• Resiliency & Strategy: Design and implement architectures that prioritize recovery by design. You'll assist clients in developing robust incident response and disaster recovery frameworks.

• Compliance & Certifications: Lead the charge in preparing clients for industrial certifications (e.g., ISO 27001, NIST, SOC2, or IEC 62443). You will conduct gap analyses and guide the remediation process.

• Hardware Hardening: Take a hands-on approach to securing the physical layer. This includes configuring BIOS/UEFI security, disabling unnecessary ports, and ensuring firmware integrity across diverse hardware environments.

• Audit & Governance: Perform regular compliance audits to ensure internal and external standards are met, translating complex technical requirements into actionable business insights.

Typical Day-to-Day Activities

Conducting firewall deployment

vulnerability assessments and penetration testing to identify systemic weaknesses.

Drafting and updating security policies and technical documentation.

Collaborating with IT and product teams to integrate security into the SDLC and hardware procurement cycles.

Monitoring threat intelligence feeds to pivot defense strategies against emerging zero-day threats.

Providing technical guidance during client workshops to bridge the gap between technical risk and business impact.The Mission

As a Cybersecurity Engineer, you will act as a strategic partner to our clients. Your goal is to move beyond basic defense and toward a state of total resilience, ensuring that even under attack, critical business operations remain uninterrupted.

Key Responsibilities

Resiliency & Strategy: Design and implement architectures that prioritize recovery by design. You'll assist clients in developing robust incident response and disaster recovery frameworks.

Compliance & Certifications: Lead the charge in preparing clients for industrial certifications (e.g., ISO 27001, NIST, SOC2, or IEC 62443). You will conduct gap analyses and guide the remediation process.

Hardware Hardening: Take a hands-on approach to securing the physical layer. This includes configuring BIOS/UEFI security, disabling unnecessary ports, and ensuring firmware integrity across diverse hardware environments.

Audit & Governance: Perform regular compliance audits to ensure internal and external standards are met, translating complex technical requirements into actionable business insights.

Conducting firewall setup and configurations to protect and tighten defenses for the perimeter.

Drafting and updating security policies and technical documentation.

Collaborating with IT and product teams to integrate security into the SDLC and hardware procurement cycles.

Monitoring threat intelligence feeds to pivot defense strategies against emerging zero-day threats.

Providing technical guidance during client workshops to bridge the gap between technical risk and business impact.

Expanded Day-to-Day Field Activities

While strategy is key, your daily routine will involve high-impact, hands-on field tasks:

• On-Site Hardware Hardening: Physically visiting client locations to perform Gold Standard builds. This includes locking down I/O ports, installing physical port blockers, and verifying that server racks are tamper-evident.
  
• Infrastructure Audits & Walkthroughs: Conducting physical security sweeps. You'll check for rogue devices (like unauthorized rubber ducky USBs or Wi-Fi pineapples) and ensure that critical hardware isn't vulnerable to evil maid attacks.

• Edge Device Deployment: Configuring and installing secure gateways, firewalls, and VPN concentrators directly at branch offices or industrial plants to ensure secure connectivity from the edge to the core.
  
• Legacy System Integration: Working with Air-Gapped or legacy industrial systems that can't be patched remotely. You will manually apply security updates and hardening scripts via secure, vetted media.
  
• Site-Specific Compliance Verification: Validating that the physical environment meets ISO or NIST standards-checking everything from biometric access logs to the redundancy of local power supplies (UPS).

• Network Mapping & Discovery: Using field tools to sniff out shadow IT devices on the local network that might not show up on remote scans, ensuring 100% asset visibility for the client.