Senior Security Engineer
Company and position
GS Services is recruiting a Senior Security Engineer to join a cybersecurity team working with complex Windows/Linux infrastructures managed on-premises and in the cloud. The role involves designing, implementing, and operating large-scale corporate security mechanisms and collaborating with security, IT, platform, and engineering teams.
Requirements
- Over 7 years of experience in security engineering or similar roles.
- Extensive experience with identity and access management (IAM), including Active Directory, Microsoft Entra (Azure AD), and SAML/SSO integrations.
- Proven experience with endpoint security platforms such as CrowdStrike and Microsoft Defender.
- Strong experience with large-scale Windows and Linux systems security and performance optimization.
- Proficient scripting and automation skills in PowerShell, Python, or similar.
- Experience integrating systems via APIs, automation pipelines, or orchestration tools.
- Deep knowledge of OS hardening, network security concepts, segmentation, and security monitoring pipelines.
- Excellent diagnostic, analytical, and problem-solving skills.
- Ability to work independently and manage multiple concurrent initiatives.
- Excellent written and verbal communication skills in English (minimum C1 level).
Nice to have:
- Knowledge of cloud security in AWS and/or Azure environments.
- Experience managing complex security projects.
- Experience with hardware firewall management and configuration.
- Experience implementing enterprise-scale phishing-resistant authentication systems.
- Experience with MDM platforms (Intune, Jamf) and device compliance systems.
- Familiarity with SIEM platforms such as Splunk or Sumo Logic.
- Experience securing AI usage.
Responsibilities
IAM:
- Assist in deploying sensitive data scanning and threat removal solutions.
- Improve reliability and usability of PAM solutions.
- Test and implement phishing-resistant authentication methods like Windows Hello for Business, FIDO2/YubiKey, and passwordless processes.
- Configure SAML for security applications.
Endpoint Security:
- Configure and optimize endpoint protection platforms (Microsoft Defender, CrowdStrike Falcon) on Windows and Linux.
- Manage policies, exclusions, and ensure stability across environments.
- Develop performance indicators for agents and security signals at scale.
Infrastructure and Network Security:
- Assist in firewall verification.
- Support segmentation and workload protection technologies (e.g., Zero Networks).
- Participate in secure architecture design for AWS/Azure and on-premises.
- Review and simplify Zero Trust rules in Cloudflare.
Artificial Intelligence:
- Implement AI security solutions for Claude, Cursor, GitHub, Microsoft Copilot.
- Identify hidden AI systems and develop removal tools.
Automation:
- Create scripts and automation in PowerShell, Python, and shell for resource labeling, monitoring verification, and audit reporting.
- Integrate security tools with APIs and CI/CD processes (e.g., Jenkins).
Detection, Response, Engineering, and Incident Support:
- Assess and optimize logging pipelines in corporate and SaaS environments.
- Implement and optimize intrusion detection/prevention and data loss prevention solutions.
- Support security operations in alert investigation and use AI for classification automation.
- Participate in root cause analysis and remediation.
Vulnerability and Application Security:
- Optimize vulnerability management tools like Nessus.
- Review application security tool results for coverage and remediation.
Cloud Security:
- Implement cloud security solutions for AWS and Azure.
- Identify and remediate IAM deviations.
- Configure roles and policies for least privilege access.
- Configure native or platform-independent security tools.
Project Leadership:
- Lead security engineering initiatives from design to production.
- Apply structured deployment strategies (canary, staging, phased rollout).
- Collaborate with DevOps, Platform, Engineering, and Corporate IT teams.
Benefits
- Hourly rate up to 210 PLN net + VAT.
- Onboarding includes several days in the London office.
- B2B contract, full-time.
- Remote work with occasional visits to the London office.
- Preferred certifications include CISSP, CEH, CompTIA CySA+ or Security+, and cloud security certifications like Microsoft SC-200 or AWS Security Specialty.
Other information
Information about personal data processing according to GDPR by GS Services sp. z o.o., including data controller details, processing purposes, data recipients, storage periods, and candidate rights.