Job Description
We are seeking a System Engineer with 1-3 years of experience to help maintain our proactive defense posture. You will manage the end-to-end lifecycle of technical vulnerabilities: from initial detection via our Wazuh-ELK stack to the final deployment of patches across our server and workstation fleet. This is a hands-on role requiring a mix of data analysis, security monitoring, and systems administration.
Core Responsibilities
Regardless of your specific title, your day-to-day will likely revolve around these four pillars:
1. Monitoring & Detection
You act as the “eyes” of the organization, using SIEM tools (Wazuh, ELK Stack) to analyze logs and system behavior.
2. Vulnerability & Patch Management
Beyond finding security gaps, you are responsible for the entire remediation lifecycle: Scanning, Deployment & Validation.
3. Compliance & Reporting
You ensure the infrastructure remains within defined legal and technical boundaries:
- Drift Monitoring: Identifying systems that fall out of alignment with CIS Benchmarks.
- Audit Readiness: Generating the data and evidence needed for high-level audits like ReBIT or ISO 27001.
Required Skills
Technical Skills
These are the tools and technologies you should be able to navigate without a manual.
Network Security & Architecture
- Packet Analysis: Proficiency in Wireshark or Tcpdump to analyze traffic and identify malicious patterns.
- Protocols: Deep understanding of the OSI model, specifically how HTTP/S, DNS, DHCP, and SMB are exploited.
- Infrastructure: Knowledge of VPNs, proxies, and the difference between stateful and stateless firewalls.
Endpoint & OS Mastery
- Windows Internals & AD: Understanding Active Directory, Group Policy Objects (GPOs), and how “Living off the Land” binaries (legitimate Windows tools abused by attackers) work.
- Linux Proficiency: Ability to navigate the CLI, manage permissions, and analyze logs in /var/log using grep, awk, and sed.
- EDR/AV Management: Experience managing Endpoint Detection and Response tools (like CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint).
Cloud Security (Modern Essential)
- Shared Responsibility Model: Understanding what the provider (AWS/Azure/GCP) secures versus what the user secures.
- IAM (Identity & Access Management): Configuring the “Principle of Least Privilege” for users and service accounts.
Scripting & Automation
You don’t need to be a software engineer, but you must be able to read and modify code.
- Python: For automating log analysis or API integrations.
- PowerShell / Bash: Essential for interacting with OS environments and automating repetitive administrative tasks.
Analytical & Security Operations Skills
This is how you apply your technical knowledge to solve problems.
- Log Analysis (SIEM): The ability to write queries in ES|QL (Elasticsearch) or SPL (Splunk) to find needles in haystacks.
- Vulnerability Assessment: Moving beyond just running a scan (Nessus/OpenVAS) to interpreting the results and prioritizing them based on the business context.
- Threat Intelligence: Knowing how to use frameworks like MITRE ATT&CK to map attacker behavior and improve defenses.
Required Qualifications
- Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field.
- 1-3 years of experience in cybersecurity.
- Relevant certifications such as CEH, Security+, CCNA Security, or equivalent are an added advantage.
- Exposure to cloud security concepts is a plus.
- Strong analytical and problem-solving skills.
- Ability to learn and upgrade technical and other non-technical skills.
- Knowledge of security technologies, tools, and best practices.