Senior Information Security Engineer

📋 Description

• • Serve as a Senior Information Security Engineer responsible for designing, implementing, and maintaining enterprise-wide security controls to protect 3Pillar Global’s digital assets and client data.
• • Conduct regular security assessments, vulnerability scans, and penetration tests to identify and remediate risks across infrastructure, applications, and cloud environments.
• • Collaborate with engineering and DevOps teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed.
• • Develop and enforce security policies, standards, and procedures aligned with industry frameworks such as ISO 27001, NIST, and CIS Controls.
• • Monitor security events and incidents using SIEM tools, respond to alerts, and lead incident response efforts to contain, investigate, and remediate breaches.
• • Manage and maintain security tools including firewalls, IDS/IPS, endpoint protection, DLP, and identity and access management (IAM) systems.
• • Work directly with global delivery teams and US-based clients to assess security requirements for mission-critical software engagements and provide security guidance during pre-sales and delivery phases.
• • Prepare and present security posture reports to internal stakeholders and clients, demonstrating compliance with contractual and regulatory obligations.
• • Stay current with emerging threats, attack vectors, and security technologies to continuously improve the organization’s defensive capabilities.
• • Participate in audits and assessments for client-facing certifications and compliance initiatives, ensuring all security controls are documented and operational.
• • Provide mentorship and guidance to junior security team members and contribute to building a culture of security awareness across the organization.
• • Coordinate with third-party vendors and auditors to evaluate security posture of outsourced services and ensure alignment with 3Pillar’s security standards.
• • Support the implementation of secure architecture designs for cloud-native applications and hybrid environments, including AWS, Azure, and GCP.
• • Document security configurations, incident response playbooks, and risk mitigation strategies for knowledge sharing and operational continuity.
• • Act as the primary point of contact for security-related inquiries from clients and internal teams during project delivery and ongoing support.