IT Security Engineer (Hybrid: On-Prem & Azure Cloud)

Role Purpose:

We are seeking a versatile Security Engineer to safeguard our organization's digital and physical assets. This role is unique-you will bridge the gap between on-premise infrastructure (Firewalls, Biometrics CCTV) and Cloud Security (Azure, DevSec Ops). You will be the technical lead in ensuring our hybrid environment is resilient against threats and compliant with international standards like PCI-DSS.

Key Responsibilities:

1. Hybrid Infrastructure & Network Security

• Next-Gen Firewall Management: Design, deploy, and maintain robust firewall policies across SonicWall, Palo Alto, Cisco ASA, and Fortinet environments.
• Network Governance: Manage SonicWall NMS/GMS and administer Cisco ISE to ensure strict Identity and Access Management (IAM).
• Vulnerability Management: Execute regular scans via OpenVAS, prioritizing and remediating risks across the internal network.
• Security Monitoring: Lead threat detection efforts by analyzing logs through Wazuh and Graylog to identify and respond to incidents in real-time.

2. Cloud Security & DevSecOps (Microsoft Azure)

• Cloud Governance: Manage and optimize Microsoft Defender for Cloud to maintain a strong security posture (CSPM).
• Azure Security Engineering: Configure Azure Firewalls, NSGs, and Key Vaults to protect cloud-native workloads.
• Infrastructure as Code (IaC) Security: Design and implement security guardrails within the Azure DevOps pipeline (DevSecOps), ensuring code is scanned before deployment.

3. Physical Security & Compliance

• Integrated Physical Security: Oversee the technical maintenance of Biostar biometric systems, CCTV networks, and TZ server rack access controls.
• Audit Leadership: Serve as the primary technical point of contact for security audits, specifically driving PCI-DSS compliance and internal risk assessments.

Required Experience & Qualifications:

• Experience: Minimum 3-5 years of hands-on experience in IT Security, covering both hardware and cloud environments

• Technical Proficiency:

1. Firewalls: Deep expertise in at least two of the following: SonicWall, Palo Alto, or Cisco ASA.
2. On-Prem Tools: Proven knowledge with Cisco ISE, Wazuh, or Graylog.
3. Cloud: Strong working knowledge of Microsoft Azure (Identity, Networking, and Security tools).
4. DevSecOps: Good to have knowledge on Security Scans such as Dependency Scanning, Secrets Scanning, Code Security scanning.

• Compliance: Practical experience in preparing documentation and technical controls for PCI-DSS.

• Physical Security: Familiarity with biometric integration (Biostar) and CCTV infrastructure.

• Certification(Bonus): AZ-500 (AzureSecurity Engineer), PCNSE, or CISSP/CISM.