System Security Engineer

Systems Security Engineer1. Role SummaryOwns the design, implementation, monitoring, and continuous improvement of security controls across servers, operating systems, infrastructure, and enterprise environments.Responsible for ensuring secure configuration, vulnerability reduction, monitoring readiness, and operational resilience across development, staging, and production environments. Acts as a bridge between infrastructure, operations, SOC, and security teams to ensure security controls are effectively implemented and maintained.2. In-Scope Platforms / ToolingWindows / Linux ServersEndpoint Security (EDR/XDR)Active Directory / IAM / PAMSIEM (Splunk / Microsoft Sentinel)Tenable / NessusVulnerability Management ToolsServer Monitoring & Logging Tools3. Job Description – Key ResponsibilitiesSystem Security & Infrastructure ProtectionDesign, implement, and maintain security controls across server and infrastructure environments.Define and maintain secure baseline configurations and hardening standards.Ensure infrastructure security controls align with security policies and standards.Vulnerability & Exposure ManagementPerform vulnerability assessments and coordinate remediation activities.Validate remediation effectiveness and track closure.Prioritize remediation activities based on business and security risk.Monitoring & Security OperationsSupport security monitoring and integration of logs into SIEM platforms.Investigate security alerts and support incident response activities.Coordinate containment and remediation activities where required.Access & Configuration GovernanceReview privileged access and system access requests.Support IAM and PAM implementation and governance.Ensure system changes follow security and change management processes.Compliance & ReportingSupport audits and compliance assessments.Maintain security metrics and operational reporting.Prepare security procedures, standards, and technical documentation.4. GoalsMaintain secure and hardened infrastructure environments.Reduce vulnerability exposure and remediation timelines.Improve operational security visibility and monitoring.Establish audit-ready infrastructure security controls.Improve system resilience and reduce security incidents.Maintain compliance with internal and external security requirements.5. Specific Objectives (SMART)Within 30 days: Gain visibility into infrastructure environments, server inventory, security controls, vulnerability management processes, access models, and monitoring capabilities.Within 60 days: Identify security gaps across servers, operating systems, cloud, endpoint, and infrastructure environments; initiate remediation and hardening activities.Within 90 days: Improve vulnerability remediation timelines, strengthen monitoring coverage, reduce security exposure, and establish baseline compliance reporting.Ongoing: Maintain continuous monitoring, perform security assessments, drive remediation activities, and ensure secure operational practices across environments.6. Timeline & Engagement ModelPermanent7. Rationale & Framework AlignmentThis role supports secure infrastructure operations and implementation of security controls aligned with NIST CSF, ISO 27001, CIS Benchmarks, and infrastructure security best practices. Without dedicated ownership, infrastructure vulnerabilities, insecure configurations, and operational risks may remain unmanaged and impact business operations.8. Required Skills & CertificationsTechnical SkillsStrong hands-on experience in system and infrastructure security.Experience with Windows and Linux administration and hardening.Experience with vulnerability management platforms.Knowledge of SIEM, EDR/XDR, IAM, and security monitoring.Experience with cloud and infrastructure security controls.Scripting: PowerShell / Bash / Python (preferred).Soft SkillsStrong stakeholder management and communication skills.Ability to translate security requirements into operational actions.Strong analytical and troubleshooting skills.9. Reporting LineReports to the Cybersecurity Manager (Presight). Day-to-day coordination with the Security Operations and Engineering teams.