System Security Engineer

Systems Security Engineer

• Role Summary

Owns the design, implementation, monitoring, and continuous improvement of security controls across servers, operating systems, infrastructure, and enterprise environments.

Responsible for ensuring secure configuration, vulnerability reduction, monitoring readiness, and operational resilience across development, staging, and production environments. Acts as a bridge between infrastructure, operations, SOC, and security teams to ensure security controls are effectively implemented and maintained.

• In-Scope Platforms / Tooling
• Windows / Linux Servers
• Endpoint Security (EDR/XDR)
• Active Directory / IAM / PAM
• SIEM (Splunk / Microsoft Sentinel)
• Tenable / Nessus
• Vulnerability Management Tools
• Server Monitoring \& Logging Tools
• Job Description – Key Responsibilities

System Security \& Infrastructure Protection

• Design, implement, and maintain security controls across server and infrastructure environments.
• Define and maintain secure baseline configurations and hardening standards.
• Ensure infrastructure security controls align with security policies and standards.

Vulnerability \& Exposure Management

• Perform vulnerability assessments and coordinate remediation activities.
• Validate remediation effectiveness and track closure.
• Prioritize remediation activities based on business and security risk.

Monitoring \& Security Operations

• Support security monitoring and integration of logs into SIEM platforms.
• Investigate security alerts and support incident response activities.
• Coordinate containment and remediation activities where required.

Access \& Configuration Governance

• Review privileged access and system access requests.
• Support IAM and PAM implementation and governance.
• Ensure system changes follow security and change management processes.

Compliance \& Reporting

• Support audits and compliance assessments.
• Maintain security metrics and operational reporting.
• Prepare security procedures, standards, and technical documentation.
• Goals
• Maintain secure and hardened infrastructure environments.
• Reduce vulnerability exposure and remediation timelines.
• Improve operational security visibility and monitoring.
• Establish audit-ready infrastructure security controls.
• Improve system resilience and reduce security incidents.
• Maintain compliance with internal and external security requirements.
• Specific Objectives (SMART)

• Within 30 days:

Gain visibility into infrastructure environments, server inventory, security controls, vulnerability management processes, access models, and monitoring capabilities.

• Within 60 days:

Identify security gaps across servers, operating systems, cloud, endpoint, and infrastructure environments; initiate remediation and hardening activities.

• Within 90 days:

Improve vulnerability remediation timelines, strengthen monitoring coverage, reduce security exposure, and establish baseline compliance reporting.

• Ongoing:

Maintain continuous monitoring, perform security assessments, drive remediation activities, and ensure secure operational practices across environments.

• Timeline \& Engagement Model

Permanent

• Rationale \& Framework Alignment

This role supports secure infrastructure operations and implementation of security controls aligned with NIST CSF, ISO 27001, CIS Benchmarks, and infrastructure security best practices. Without dedicated ownership, infrastructure vulnerabilities, insecure configurations, and operational risks may remain unmanaged and impact business operations.

• Required Skills \& Certifications

Technical Skills

• Strong hands-on experience in system and infrastructure security.
• Experience with Windows and Linux administration and hardening.
• Experience with vulnerability management platforms.
• Knowledge of SIEM, EDR/XDR, IAM, and security monitoring.
• Experience with cloud and infrastructure security controls.
• Scripting: PowerShell / Bash / Python (preferred).

Soft Skills

• Strong stakeholder management and communication skills.
• Ability to translate security requirements into operational actions.
• Strong analytical and troubleshooting skills.
• Reporting Line

Reports to the Cybersecurity Manager (Presight). Day-to-day coordination with the Security Operations and Engineering teams.