About the Company

One of our clients, “A company in Yemen", is seeking to recruit a highly qualified employees where that company always relies on the recruitment of those with excellent educational qualifications and reputable people, and also to provide exceptional job opportunities.

Security Engineer

Department: Information Security and Compliance
Travel Requirement: No
Place: Sana’a Governorate
End Date: XX May 2025

Summary

The Security Engineer is responsible for designing, implementing, and maintaining security measures to protect the organization infrastructure, computer systems, networks, and data from cyber threats. This role involves assessing security risks, developing security solutions, and responding to security incidents to safeguard the organization's information assets and maintain compliance with regulatory requirements and industry standards.

Key Duties and Responsibilities

• Conduct security assessments to identify vulnerabilities and assess the security posture of the organization's systems and networks.
• Design and implement security controls and measures to protect against cyber threats, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, network analysis, identity analysis, data protection and encryption.
• Monitor security logs and alerts, investigate security incidents, and respond to security breaches in a timely and effective manner.
• Monitor security event logs and alerts from various sources, including intrusion detection/prevention systems, firewalls, endpoint security solutions, and security information and event management (SIEM & SOAR), EDR, Identity management, and information security systems.
• Develop and maintain security policies, procedures, and standards to ensure compliance with regulatory requirements such as (GDPR, HIPAA) and industry standards such as (ISO 27001, NIST Cybersecurity Framework).
• Collaborate with cross-functional teams, including IT, development, and operations, to integrate security best practices into the organization's systems and processes.
• Conduct security awareness training and provide guidance to employees on security best practices and procedures.
• Stay abreast of emerging threats, vulnerabilities, and security technologies through continuous learning and professional development activities.
• Participate in incident response planning and exercises to test and improve the organization's incident response capabilities.
• Evaluate and recommend security products and solutions to enhance the organization's security posture.
• Mitigate and resolve vulnerabilities found in systems and implement a solution for risks and threats.
• Prepare reports and presentations on security incidents, vulnerabilities, and risk assessments for management, stakeholders, and regulatory authorities.

Required Skills

• Proficiency in cybersecurity principles, concepts, and best practices.
• Familiarity with security tools and technologies, such as firewalls, IDS/IPS, SIEM & SOAR, Endpoint Protection, EDR, XDR methodology, encryption, and vulnerability assessment tools.
• Skill in incident detection, investigation, and response procedures, including forensics and malware analysis.
• Ability to assess and prioritize security risks, develop risk mitigation strategies, and implement security controls.
• Knowledge of regulatory requirements and compliance frameworks applicable to cybersecurity, such as GDPR, HIPAA, PCI DSS, ISO 27001, and NIST Cybersecurity Framework.
• Network Security: Understanding of network security principles and protocols, including TCP/IP, DNS, DHCP, and VPN.
• Excellent communication and interpersonal skills to communicate effectively with stakeholders and convey complex technical concepts to non-technical audiences.
• Strong analytical and problem-solving skills to analyze security incidents, identify root causes, and develop effective solutions.
• Ability to collaborate with cross-functional teams and work effectively in a team environment.
• Willingness to stay updated on emerging threats, vulnerabilities, and security technologies through continuous learning and professional development activities.

Education and Experience

• Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Relevant certifications such as (CISSP, CEH, CompTIA Security+, Certified Information Security Manager (CISM), or other industry-recognized certifications).
• Minimum 3 years of experience in cybersecurity roles, including experience in security assessments, incident response, security architecture, and security operations.