Senior Security Engineer - Global Security Services

Global Security Services - Senior Security Engineer

_______________________________________________________________________

Role Summary:

The Security Engineer is responsible for identifying, analyzing, and remediating vulnerabilities and misconfigurations across the organization’s IT landscape. This role drives the adoption and enforcement of industry-leading security standards and frameworks, ensuring robust protection of enterprise assets. The engineer collaborates with IT operations, architecture, and business stakeholders to implement technical controls, automate compliance, and foster a culture of continuous security improvement.

Key responsibilities:

• Proactively identify and assess vulnerabilities and misconfigurations in infrastructure, applications, and cloud environments using automated tools and manual techniques.
• Develop, implement, and enforce security hardening standards (e.g., OWASP, CIS Benchmarks, CSA, NIST, ISO 27001, SOC 2, PCI DSS) across all technology stacks.
• Use and help improving enterprise security management tools (e.g., BigFix, GPOs, SCCM, Ansible, Chef, Puppet, and infrastructure-specific platforms).
• Lead or support vulnerability management processes, including scanning, prioritization, remediation, and reporting.
• Collaborate with IT operations and development teams to ensure secure configuration baselines and compliance with security policies.

Respond to security incidents, conduct root cause analysis, and implement corrective actions.

• Maintain up-to-date documentation of security standards, procedures, and technical controls.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Provide security awareness and technical training to IT staff and stakeholders.

Additional for Senior Engineer:

• Lead the implementation of enterprise-wide security solutions and automation for vulnerability management and configuration compliance.
• Serve as a subject matter expert on security standards and frameworks, advising on risk mitigation and best practices.
• Drive continuous improvement initiatives for security posture, including the evaluation and integration of new tools and processes.
• Mentor and guide junior engineers and cross-functional teams in secure design and operations.
• Represent the security function in audits, compliance reviews, and executive briefings.

Responsibilities and authorities

• Prioritize remediation activities based on risk exposure identified through the organization’s risk management processes, ensuring that the most critical vulnerabilities and misconfigurations are addressed first.
• Enforce and track remediation tasks across IT and business units to ensure timely closure of identified risks and alignment with enterprise security standards and frameworks (e.g., OWASP, CIS, CSA, NIST, ISO 27001, SOC 2, PCI DSS).
• Exercise authority to recommend, implement, and enforce technical controls and configuration baselines necessary for compliance with security policies and standards.
• Access and utilize vulnerability management, configuration, and monitoring platforms to identify, assess, and report on risk posture.
• Escalate unresolved or high-risk issues to security leadership and governance forums, ensuring that risk acceptance or mitigation decisions are documented and approved at the appropriate level.
• Collaborate with IT operations, development, and business stakeholders to drive remediation efforts and foster a culture of accountability for security compliance.

Additional for Senior Engineer:

• Lead cross-functional remediation initiatives, mentor junior staff on risk-based prioritization, and represent the security function in risk and compliance reviews.

Key competences:

• Deep knowledge of enterprise IT infrastructure (Windows, Linux, cloud, networking, Firewalling, virtualization).

Hands-on experience with security management and automation tools (BigFix, GPOs, SCCM, Ansible, etc.).

• Proficiency in vulnerability scanning and management platforms (e.g., Qualys, Rapid7, Nessus).
• Familiarity with SIEM, EDR, and log management solutions.
• Scripting and automation skills (PowerShell, Python, Bash).
• Understanding of secure software development and DevSecOps practices.
• Strong analytical, detail-oriented, and proactive mindset.
• Excellent communication and collaboration skills.

Requirements:

Education:

• Bachelor’s degree in computer science, Information Security, or related field (or equivalent experience).

Languages:

• English (critical); other languages are a plus.

Computer Skills:

• Advanced proficiency in enterprise security and management tools, scripting, and automation.

Other:

• Industry certifications preferred: CISSP, CISM, CEH, OSCP, CompTIA Security+, GIAC, Microsoft/AWS/Azure Security certifications.

Experience:

• Standard: 2+ years in IT security or related roles.
• Senior: 5+ years in IT security, with demonstrated leadership in enterprise environments.

Personal qualities:

• Analytical, detail-oriented, and proactive.
• Strong communication and collaboration skills.
• Ability to work independently and as part of a team.
• High integrity and commitment to confidentiality.
• Continuous learner with a passion for security.

Internal and External Contacts/Customers:

• IT Operations, Infrastructure, and Development teams
• Security Operations Center (SOC)
• Risk, Compliance, and Audit functions
• External vendors and service providers.

We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 63,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. 

As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.