Security Specialist, Platform Security (GIT)
Position Overview
The Security Specialist (Engineering) is a core technical position dedicated to the end-to-end implementation, operational management, and continuous optimization of the organization’s security technology stack. This role ensures that critical security controls, spanning endpoint protection, cloud guardrails, and identity systems, are effectively deployed, accurately configured, and integrated into enterprise-wide workflows. By serving as the technical link between Security Architecture and Security Operations, the specialist transforms high-level designs into functional, automated, and resilient defences while driving "Security-as-Code" initiatives and ensuring high-fidelity telemetry and actionable insights across all cloud and on-premises platforms.
Roles & Responsibilities
- Security Infrastructure Engineering:
  - Deploy and configure SIEM/SOAR, EDR, CNAPP, DLP/CASB, PAM; maintain baselines and playbooks.
  - Own the lifecycle of these tools, including upgrades, patching, and performance tuning.
- System & Network Hardening:
  - Define and implement robust security baselines based on CIS Benchmarks or STIGs across Windows, Linux, and network environments to proactively eliminate attack vectors.
- Attack Surface Reduction:
  - Continuously optimize configurations for WAF, firewalls, and endpoint policies; identify and decommission legacy protocols or insecure services.
- Telemetry & Log Management:
  - Design, build, and manage onboarding of high-fidelity logs and data sources to the SOC, ensuring comprehensive visibility and normalized data for threat detection.
- Cloud & DevSecOps:
  - Implement and enforce "secure-by-default" policies in Azure/AWS using Infrastructure-as-Code (IaC) and Policy-as-Code.
  - Integrate security scanners (SAST/DAST/Secrets) and SBOM checks into CI/CD pipelines.
  - Collaborate with DevSecOps teams to embed security checks without slowing delivery pipelines.
  - Container signing/attestations (Sigstore/Cosign), infra image baselines, and artifact provenance beyond SBOM.
- Incident Support:
  - Provide Tier-3 engineering support to security incidents; refine detections and response playbooks.
  - Build automation (scripts/runbooks) to reduce mean time to detect/respond.
- Documentation & Training:
  - Provide technical training for application and infrastructure teams to ensure they understand security guardrails and can perform self-service onboarding securely.
- Tracking & Impact:
  - Have clear, measurable metrics for your activities, e.g. EDR: ≥98% active; CNAPP: 100% accounts enrolled; DLP: 100% tier-1 data paths covered.
  - Quarterly drift scans vs. baselines (CIS/STIG, desired state for WAF/EDR/CNAPP), with auto-remediation where safe.
Your Traits
- Analytical Problem-Solver: Possesses a methodical approach to troubleshooting complex technical issues and identifying root causes in hybrid environments.
- Operational Discipline: Detail-oriented and committed to following change management processes while maintaining high standards of quality.
- Automation Mindset: Proactively looks for opportunities to replace manual security configurations with scripts and automated workflows.
- Knowledge Sharer: Enjoys distilling complex technical configurations into clear, readable documentation and teaching others how to operate securely.
- Collaborative & Service-Oriented: Works effectively across teams (DevOps, Infrastructure, SOC) and views security as a business enabler.
Your Merits
- Experience: 3–7+ years of professional experience in security engineering or IT systems administration with a heavy focus on infrastructure hardening and documentation.
- Technical Proficiency:
  - Security Tools: Hands-on with at least three of: SIEM, EDR, CNAPP, DLP/CASB, PAM, WAF, vulnerability scanners.
  - Infrastructure & OS Hardening: Expert-level knowledge of Windows/Linux security baselines (CIS/STIGs) and identity enforcement (Entra ID, MFA, Conditional Access).
  - Cloud & Network Defense: Proven experience in Azure/AWS security configurations, including VNET/VPC peering, Network Security Groups (NSGs), and WAF/API protection.
  - Security-as-Code & Automation: Proficiency in PowerShell, Python, or Bash; practical experience with IaC tools like Terraform or Azure Resource Manager (ARM).
  - Telemetry & Observability: Ability to build and troubleshoot logging pipelines to ensure high-fidelity data flow from cloud and on-prem assets to the SIEM.
- Certifications (Core): GIAC GCED/GCIA/GCSA, CKS, CompTIA Security+
- Specialist: AZ-500, SC-200/SC-300, AWS/GCP Security, vendor-specific (Tenable, Defender, CCNP, Zscaler, CyberArk, Splunk, MITRE MAD, HashiCorp).
- Education: Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
Our Commitment to You
At Time, we believe great work deserves great support. Here’s what you can look forward to when you join us:
- Comprehensive medical coverage for you and your immediate family, including outpatient care, hospitalisation, dental and optical benefits.
- Wellness support with an annual spending account for health-related needs, alternative treatments, or even paid-up premiums for personal insurance.
- Employee assistance during life’s big moments, from celebrations to times of bereavement.
- Learning & growth opportunities through dedicated time for learning, access to LinkedIn Learning and rewards for upskilling.
- Cash rewards for recognised certifications and full reimbursement for up to two approved professional memberships each year.
*Only shortlisted candidates will be notified.