Security Engineer

We are looking for a proactive Security Engineer who possesses hands-on experience in building configuring deploying and operating security controls with a special emphasis on Oracle Cloud Infrastructure (OCI). The ideal candidate is capable of transforming security requirements into automated repeatable and functional solutions prioritising practical execution over theoretical expertise. There is a strong focus on GitOps methodologies Infrastructure as Code and secure-by-default engineering principles.

Key Responsibilities

• Data Security: Deploy and manage DLP policies across endpoints cloud and network to prevent unauthorized data movement. Continuously refine DLP rules to reduce false positives.
• Endpoint Security: Deploy and manage endpoint security agents at scale across servers VMs and containers. Operate host-based intrusion detection and log collection with tuned alerting. Configure antivirus/antimalware schedules exclusions. Build automated response playbooks.
• Network Security: Tune IDS/IPS WAF policies and rate-limiting rules. Conduct firewall rule audits to eliminate overly permissive access and enforce least privilege.
• Cryptography & Certificate Management: Automate the full certificate lifecycle (generate deploy rotate revoke) across all services. Configure encryption in transit and at rest using cloud-native and third-party KMS. Manage secrets management solutions with rotation access policies and CI/CD integration.
• Cloud Security & Secure-by-Default Configuration (OCI Preferred): Create secure-by-default templates (Terraform modules cloud policies guardrails) so all new resources meet security baselines. Operationalise OCI-native security services: Cloud Guard Security Zones Vulnerability Scanning Bastion WAF and IAM compartment policies. Harden cloud resources (compute storage databases) and enforce tagging compliance. Remediate misconfigurations through code and automation not just detection.
• GitOps Practices & Automation: Use GitHub as the single source of truth for all security configurations and infrastructure changes (version-controlled). Write and maintain Terraform modules (OCI provider) for security infrastructure provisioning. Enforce GitHub repository governance (branch protection code owners merge policies). Build CI/CD pipelines via GitHub Actions for terraform plan/apply static analysis policy-as-code enforcement and automated security scans. Manage Terraform state securely (remote backends state locking encryption RBAC). Script automation (Python/Bash) for log parsing bulk changes compliance reporting and alert enrichment.

Qualifications :

• 36 years experience in Security Engineering SecOps or Infrastructure Security focusing on building and operating security controls.
• Experience deploying and managing endpoint security agents at scale tuning detection rules
• Ability to manage certificate lifecycles from end to end configure encryption services set up secrets management and troubleshoot certificate and TLS issues.
• Hands-on skill in securing cloud infrastructure with strong preference for Oracle Cloud Infrastructure (OCI); experience with AWS and/or Azure is advantageous.
• Ability to configure and operate OCI Cloud Guard Security Zones Vault WAF Bastion Identity Domains and NSGs.
• Hands-on experience with GitOps workflows using GitHub including branch protections code reviews and CI/CD pipelines.
• Competence in writing maintaining and troubleshooting Terraform configurations using the OCI Terraform Provider managing remote state and building reusable modules.
• Experience in building and maintaining security pipelines with GitHub Actions or similar tools.
• Ability to write functional automation scripts in Python and/or Bash for operational security needs.
• Someone who builds solutions not just advises on controls. You implement security measures not just recommend them.
• An automation-first mindset: if you have performed a task manually more than once you automate it with a script or Terraform module.
• Comfortable working in the terminal including SSH sessions coding log reading and configuration debugging.
• Iterative and pragmatic able to deploy secure defaults rapidly and improve them over time rather than waiting for the ideal solution.
• Collaborative and communicative able to work alongside developers and platform engineers explaining how to fix issues not just reporting them.
• Curious and self-motivated continuously learning experimenting and enhancing infrastructure security and automation.

Additional Information :

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire compensate and promote regardless of origin age gender identity sexual orientation or any other fantastic traits that make us all unique we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies and any unsolicited candidate submissions will be exempt from any payment expectations.  

#LI-Hybrid

Remote Work :

No

Employment Type :

Full-time