D&T Sr Analyst - Security Engineer

The Sr. Analyst - Security Engineer is a part of the Aramex Technology team who will ensure the integrity, confidentiality, and availability of our digital assets and infrastructure. This role will implement and maintain robust security measures across networks and systems to protect against cyber threats, ensuring that our security practices align with business objectives.

This role requires staying up to date with the latest security trends, technologies, and regulations, and promptly responding to security incidents. The Sr. Analyst - Security Engineer will safeguard digital assets from cyber threats and collaborate closely with cross-functional teams to integrate security requirements into IT projects. This position demands technical expertise, proactive incident response, and a thorough understanding of current and emerging cybersecurity threats and solutions.

Customer:

• Ensure the security and privacy of customer data by implementing robust security measures.
• Respond promptly to security incidents affecting customers, ensuring minimal impact and quick resolution.
• Provide technical support to customers regarding security issues.
• Proactively engage with internal customers within the Technology division and other parts of the business to understand their IT security requirements.

People:

• Collaborate with other departments to integrate security into all aspects of the organization.
• Stay updated with the latest security trends and ensure continuous learning and development for the team.

Operations:

• Oversee the implementation and maintenance of security infrastructure.
• Ensure that security tools and technologies are up-to-date and effectively configured.
• Manage and coordinate responses to security incidents and breaches.
• Ensure the security of our IT infrastructure by implementing best practices and monitoring systems to prevent and mitigate cyber threats.
• Oversee the delivery of IT security services and solutions worldwide, ensuring the highest levels of system and infrastructure availability.
• Integrate security considerations into the organization's change management processes to ensure that new systems, applications, and processes are securely implemented.
• Collaborate with IT teams to ensure that security is integrated into the architecture and design of all new systems and applications.
• Implement and manage data encryption solutions to protect sensitive data both in transit and at rest.
• Develop and maintain a patch management process to ensure all systems and applications are regularly updated and protected against known vulnerabilities.
• Ensure the security of all endpoint devices, using antivirus software, encryption, and endpoint detection and response (EDR) solutions.
• Conduct regular risk assessments and vulnerability analyses to identify, evaluate, and mitigate potential security threats to the organization.

Financial Result:

• Ensure cost-effectiveness and benefit from acquired technologies and services.
• Collaborate with relevant teams to secure the necessary budget for security tools and solutions and monitor the validity of current subscriptions and licenses for these tools.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• A Minimum of 1-3 years of experience in IT security roles, conducting security assessments, implementing security controls, and managing security incidents.
• Strong understanding of cybersecurity principles, frameworks, and best practices.
• Familiarity with security technologies and tools, such as firewalls, intrusion detection/prevention systems, EDR/XDR, WAF, and SIEM solutions.
• Excellent analytical, problem-solving, and decision-making skills, with the ability to assess complex security issues and recommend effective solutions.
• Familiarity with different operating systems and cloud platforms.
• Proficiency in using and managing Office 365 Security portals.
• Strong ability to work with remote teams.
• Knowledge of public key infrastructure components and their implementation.
• Understanding of DNS functionality and proper management practices.
• Awareness of common security vulnerabilities, including knowledge of OWASP, and ability to patch them effectively.