Security Engineer

Responsibilities

• Data Security: Deploy and manage DLP policies across endpoints, cloud, and network to prevent unauthorized data movement. Continuously refine DLP rules to reduce false positives.
• Endpoint Security: Deploy and manage endpoint security agents at scale across servers, VMs, and containers. Operate host-based intrusion detection, and log collection with tuned alerting. Configure antivirus/antimalware schedules, exclusions. Build automated response playbooks.
• Network Security: Tune IDS/IPS, WAF policies, and rate-limiting rules. Conduct firewall rule audits to eliminate overly permissive access and enforce least privilege.
• 3-6+ years' experience in Security Engineering, SecOps, or Infrastructure Security, focusing on building and operating security controls.
• Experience deploying and managing endpoint security agents at scale, tuning detection rules
• Ability to manage certificate lifecycles from end to end, configure encryption services, set up secrets management, and troubleshoot certificate and TLS issues.
• Hands-on skill in securing cloud infrastructure, with strong preference for Oracle Cloud Infrastructure (OCI); experience with AWS and/or Azure is advantageous.
• Ability to configure and operate OCI Cloud Guard, Security Zones, Vault, WAF, Bastion, Identity Domains, and NSGs.
• Hands-on experience with GitOps workflows using GitHub, including branch protections, code reviews, and CI/CD pipelines.
• Competence in writing, maintaining, and troubleshooting Terraform configurations using the OCI Terraform Provider, managing remote state, and building reusable modules.
• Experience in building and maintaining security pipelines with GitHub Actions or similar tools.
• Ability to write functional automation scripts in Python and/or Bash for operational security needs.
• Someone who builds solutions, not just advises on controls. You implement security measures, not just recommend them.
• An automation-first mindset: if you have performed a task manually more than once, you automate it with a script or Terraform module.
• Comfortable working in the terminal, including SSH sessions, coding, log reading, and configuration debugging.
• Iterative and pragmatic, able to deploy secure defaults rapidly and improve them over time rather than waiting for the ideal solution.
• Collaborative and communicative, able to work alongside developers and platform engineers, explaining how to fix issues, not just reporting them.
• Curious and self-motivated, continuously learning, experimenting, and enhancing infrastructure security and automation.
• In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are

Benefits

Additional Information

We are looking for a proactive Security Engineer who possesses hands-on experience in building, configuring, deploying, and operating security controls, with a special emphasis on Oracle Cloud Infrastructure (OCI). The ideal candidate is capable of transforming security requirements into automated, repeatable, and functional solutions, prioritising practical execution over theoretical expertise. There is a strong focus on GitOps methodologies, Infrastructure as Code, and secure-by-default engineering principles.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Avaloq1? Share your experience